The number of log files to keep. When the threshold of the log file reaches the configured maximum (see Log File Threshold), the log file is copied and a new log file is created. This setting specifies how many generations (incl. the active log file) should be kept. This is a positive numeric value. The default value is 5. This property is ignored if the Log File Threshold property specifies time/date controlled log file rotation.

Controls the rotation of the log file by setting a maximum file size or a time/date schedule at which to rotate the log file. A size limit can be specified setting a pure number indicating the number of bytes or a number with a size indicator KB, MB, or GB (case is ignored). A time/date schedule can be specified as a java.util.SimpleDateFormat pattern. The default is "'.'yyyy-MM-dd" (daily log rotation).

The name and path of the Logback Config file. If this is empty, then default configuration would be used. If this path is relative it is resolved below ${sling.home}. See http://logback.qos.ch/manual/ for details.

The number of log files to keep. When the threshold of the log file reaches the configured maximum (see Log File Threshold), the log file is copied and a new log file is created. This setting specifies how many generations (incl. the active log file) should be kept. This is a positive numeric value. The default value is 5. This property is ignored if the Log File Threshold property specifies time/date controlled log file rotation.

Controls the rotation of the log file by setting a maximum file size or a time/date schedule at which to rotate the log file. A size limit can be specified setting a pure number indicating the number of bytes or a number with a size indicator KB, MB, or GB (case is ignored). A time/date schedule can be specified as a java.util.SimpleDateFormat pattern. The default is "'.'yyyy-MM-dd" (daily log rotation).

By default logging events are immediately written to disk and will not be lost in case your application exits without properly closing appenders. If set to true and if appenders are not closed properly when your application exits, then logging events not yet written to disk may be lost. See http://logback.qos.ch/manual/encoders.html#immediateFlush

The logger names applicable for this logger configuration. Each logger name applies for any child category unless configured otherwise. E.g. a logger name of org.apache.sling applies to logger org.apache.sling.commons unless there is a different configuration for org.apache.sling.commons.

If set to false then logs from these loggers would not be sent to any appender attached higher in the hierarchy

BOOLEAN

Instance Name

sling.name

Apache Sling Settings Service org.apache.sling.settings.impl.SlingSettingsServiceImpl :- The settings service manages some basic settings of Sling like run modes or information about the current instance.

A human readable name for the current instance.

STRING

Instance Description

sling.description

Apache Sling Settings Service org.apache.sling.settings.impl.SlingSettingsServiceImpl :- The settings service manages some basic settings of Sling like run modes or information about the current instance.

The size of the thread pool used for event delivery. The default value is 20. Increase in case of a large amount of events. A value of less then 2 triggers the default value. If the pool is exhausted, event delivery is blocked until a thread becomes available from the pool. Each event is delivered in a thread from the pool unless the ignore timeouts is configured for the receiving event handler.

The ratio of asynchronous to synchronous threads in the internal thread pool. Ratio must be positive and may be adjusted to represent the distribution of post to send operations. Applications with higher number of post operations should have a higher ratio.

The black-listing timeout in milliseconds. The default value is 5000. Increase or decrease at own discretion. A value of less then 100 turns timeouts off. Any other value is the time in milliseconds granted to each event handler before it gets blacklisted

Are event handlers required to be registered with a topic? This is enabled by default. The specification says that event handlers must register with a list of topics they are interested in. Disabling this setting will enable that handlers without a topic are receiving all events (i.e., they are treated the same as with a topic=*).

Configure event handlers to be called without a timeout. If a timeout is configured by default all event handlers are called using the timeout. For performance optimization it is possible to configure event handlers where the timeout handling is not used - this reduces the thread usage from the thread pools as the timout handling requires an additional thread to call the event handler. However, the application should work without this configuration property. It is a pure optimization! The value is a list of strings. If a string ends with a dot, all handlers in exactly this package are ignored. If the string ends with a star, all handlers in this package and all subpackages are ignored. If the string neither ends with a dot nor with a star, this is assumed to define an exact class name.

For performance optimization it is possible to configure topics which are ignored by the event admin implementation. In this case, a event is not delivered to registered event handlers. The value is a list of strings (separated by comma). If a single value ends with a dot, all topics in exactly this package are ignored. If a single value ends with a star, all topics in this package and all sub packages are ignored. If a single value neither ends with a dot nor with a start, this is assumed to define an exact topic. A single star can be used to disable delivery completely.

Whether or not to enable the support for creating Factory Component instances based on factory configuration. This is an Apache Felix SCR specific extension, explicitly not supported by the Declarative Services specification. Reliance on this feature prevent the component from being used with other Declarative Services implementations. The default value is false to disable this feature.

Whether or not to keep instances of delayed components once they are not referred to any more. The Declarative Services specifications suggests that instances of delayed components are disposed off if there is not used any longer. Setting this flag causes the components to not be disposed off and thus prevent them from being constantly recreated if often used. Examples of such components may be EventHandler services. The default is to dispose of unused components.

The Servlet Context Path to use for the Http Service. If this property is not configured it defaults to "/". This must be a valid path starting with a slash and not ending with a slash (unless it is the root context).

List of SSL protocols to include by default. Protocols may be any supported by the Java platform such as SSLv2Hello, SSLv3, TLSv1, TLSv1.1, or TLSv1.2. Any listed protocol not supported is silently ignored. Default is none assuming to use any protocol enabled and supported on the platform.

List of SSL protocols to exclude. This property further restricts the enabled protocols by explicitly disabling. Any protocol listed in both this property and the Included protocols property is excluded. Default is none such as to accept all protocols enabled on platform or explicitly listed by the Included protocols property.

The Http Service Selector is an OSGi filter used to select the Http Service towhich the Web Console binds. The value of this property (if not empty) iscombined the object class selection term to get the actual service selectionfilter like (&(objectClass=org.osgi.service.http.HttpService)(selector)). Thisproperty must not have leading an trailing parentheses. For example, to bindto the service with service ID 15 set the selector to 'service.id=15' (withoutthe quotes). By default (if this property is not set or set to an emptystring) the Web Console binds with any Http Service available.

The default category (menu label) to be used for plugins not registered with a felix.webconsole.category service property or overwriting the AbstractWebConsole.getCategory() method. The default value is "Main".

Apache Felix Web Console Event Plugin org.apache.felix.webconsole.plugins.event.internal.PluginServlet :- This is a plugin for the Apache Felix Web Console displaying all events occuring in the system.

The minimum interval between two consecutive memory dumps being taken in seconds. This property allows the limitation of the number of memory dumps being taken. The default value for the interval is 6 hours. This means that a memory threshold event is ignored unless the last memory dump has been taken at least 6 hours earlier. This property allows limiting the number of memory dumps in case memory consumption is oscillating around the threshold point. The property must be an integer value or be parseable to an integer value. This should be a positive value or zero to force each memory threshold event to cause a memory dump (discouraged).

The filesystem location where heap dumps are stored. If this is null or empty (the default) the dumps are stored in /adobe/ToolsDailyUsage/cq62/author/crx-quickstart/launchpad/felix/bundle44/data/dumps

Policy to manage global configuration. (1) Default: Global configuration is not modified. (2). Replace Global Configuration: Global configuration is replaced with OSGi based configuration (3). Proxy Global Configuration: Global configuration would be replaced with proxy configuration. The proxy would check with OSGi based configuration. If no config is found it would look in default global configuration

Properties in the form of key value pairs that are passed on to the LoginModule(name=value pairs)

STRING

Datasource name(*)

datasource.name

Apache Sling Connection Pooled DataSource org.apache.sling.datasource.DataSourceFactory :- Creates a DataSource services based on configuration provided. For more details on the various properties refer to http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#Common_Attributes

Name of this data source (required)

STRING

DataSource Service Property Name

datasource.svc.prop.name

Apache Sling Connection Pooled DataSource org.apache.sling.datasource.DataSourceFactory :- Creates a DataSource services based on configuration provided. For more details on the various properties refer to http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#Common_Attributes

Name of the service property which would store the DataSource Name whileregistering the DataSource instance as OSGi service

STRING

datasource.name

JDBC driver class

driverClassName

Apache Sling Connection Pooled DataSource org.apache.sling.datasource.DataSourceFactory :- Creates a DataSource services based on configuration provided. For more details on the various properties refer to http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#Common_Attributes

Java class name of the JDBC driver to use

STRING

JDBC connection URI

url

Apache Sling Connection Pooled DataSource org.apache.sling.datasource.DataSourceFactory :- Creates a DataSource services based on configuration provided. For more details on the various properties refer to http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#Common_Attributes

URI of the JDBC connection to use e.g. jdbc:mysql://localhost:3306/mysql

STRING

Username

username

Apache Sling Connection Pooled DataSource org.apache.sling.datasource.DataSourceFactory :- Creates a DataSource services based on configuration provided. For more details on the various properties refer to http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#Common_Attributes

The connection username to be passed to our JDBC driver to establish a connection

STRING

Password

password

Apache Sling Connection Pooled DataSource org.apache.sling.datasource.DataSourceFactory :- Creates a DataSource services based on configuration provided. For more details on the various properties refer to http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#Common_Attributes

The connection password to be passed to our JDBC driver to establish a connection.

PASSWORD

Auto Commit

defaultAutoCommit

Apache Sling Connection Pooled DataSource org.apache.sling.datasource.DataSourceFactory :- Creates a DataSource services based on configuration provided. For more details on the various properties refer to http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#Common_Attributes

The default auto-commit state of connections created by this pool. (If 'default' then the setAutoCommit method will not be called.)

STRING

Default -- defaulttrue -- truefalse -- false

Readonly

defaultReadOnly

Apache Sling Connection Pooled DataSource org.apache.sling.datasource.DataSourceFactory :- Creates a DataSource services based on configuration provided. For more details on the various properties refer to http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#Common_Attributes

The default read-only state of connections created by this pool.

STRING

Default -- defaulttrue -- truefalse -- false

Transaction Isolation

defaultTransactionIsolation

Apache Sling Connection Pooled DataSource org.apache.sling.datasource.DataSourceFactory :- Creates a DataSource services based on configuration provided. For more details on the various properties refer to http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#Common_Attributes

The default TransactionIsolation state of connections created by this pool. If 'default', the method will not be called and it defaults to the JDBC driver.

Apache Sling Connection Pooled DataSource org.apache.sling.datasource.DataSourceFactory :- Creates a DataSource services based on configuration provided. For more details on the various properties refer to http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#Common_Attributes

The default catalog of connections created by this pool.

STRING

Max Active Connections

maxActive

Apache Sling Connection Pooled DataSource org.apache.sling.datasource.DataSourceFactory :- Creates a DataSource services based on configuration provided. For more details on the various properties refer to http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#Common_Attributes

The maximum number of active connections that can be allocated from this pool at the same time. The default value is 100

INTEGER

100

Max Idle Connections

maxIdle

Apache Sling Connection Pooled DataSource org.apache.sling.datasource.DataSourceFactory :- Creates a DataSource services based on configuration provided. For more details on the various properties refer to http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#Common_Attributes

The maximum number of connections that should be kept in the pool at all times. Idle connections are checked periodically (if enabled) and connections that been idle for longer than minEvictableIdleTimeMillis will be released. (also see testWhileIdle)

INTEGER

100

Min Idle Connections

minIdle

Apache Sling Connection Pooled DataSource org.apache.sling.datasource.DataSourceFactory :- Creates a DataSource services based on configuration provided. For more details on the various properties refer to http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#Common_Attributes

The minimum number of established connections that should be kept in the pool at all times. The connection pool can shrink below this number if validation queries fail. Default value is derived frominitialSize:10 (also see testWhileIdle)

INTEGER

10

Initial Size

initialSize

Apache Sling Connection Pooled DataSource org.apache.sling.datasource.DataSourceFactory :- Creates a DataSource services based on configuration provided. For more details on the various properties refer to http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#Common_Attributes

The initial number of connections that are created when the pool is started. Default value is 10

INTEGER

10

Max Wait

maxWait

Apache Sling Connection Pooled DataSource org.apache.sling.datasource.DataSourceFactory :- Creates a DataSource services based on configuration provided. For more details on the various properties refer to http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#Common_Attributes

The maximum number of milliseconds that the pool will wait (when there are no availableconnections) for a connection to be returned before throwing an exception. Default value is 30000 (30 seconds)

INTEGER

30000

Max Age

maxAge

Apache Sling Connection Pooled DataSource org.apache.sling.datasource.DataSourceFactory :- Creates a DataSource services based on configuration provided. For more details on the various properties refer to http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#Common_Attributes

Time in milliseconds to keep this connection.

INTEGER

0

Test on Borrow

testOnBorrow

Apache Sling Connection Pooled DataSource org.apache.sling.datasource.DataSourceFactory :- Creates a DataSource services based on configuration provided. For more details on the various properties refer to http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#Common_Attributes

The indication of whether objects will be validated before being borrowed from the pool.

BOOLEAN

false

Test on Return

testOnReturn

Apache Sling Connection Pooled DataSource org.apache.sling.datasource.DataSourceFactory :- Creates a DataSource services based on configuration provided. For more details on the various properties refer to http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#Common_Attributes

The indication of whether objects will be validated before being returned to the pool.

BOOLEAN

false

Test while Idle

testWhileIdle

Apache Sling Connection Pooled DataSource org.apache.sling.datasource.DataSourceFactory :- Creates a DataSource services based on configuration provided. For more details on the various properties refer to http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#Common_Attributes

The indication of whether objects will be validated by the idle object evictor (if any).

BOOLEAN

false

Validation Query

validationQuery

Apache Sling Connection Pooled DataSource org.apache.sling.datasource.DataSourceFactory :- Creates a DataSource services based on configuration provided. For more details on the various properties refer to http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#Common_Attributes

The SQL query that will be used to validate connections from this pool before returning them to the caller. If specified, this query does not have to return any data, it just can't throw a SQLException. The default value is null. Example values are SELECT 1(mysql), select 1 from dual(oracle), SELECT 1(MS Sql Server)

STRING

Validation Query timeout

validationQueryTimeout

Apache Sling Connection Pooled DataSource org.apache.sling.datasource.DataSourceFactory :- Creates a DataSource services based on configuration provided. For more details on the various properties refer to http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#Common_Attributes

The timeout in seconds before a connection validation queries fail. A value less than or equal to zero will disable this feature. The default value is -1.

INTEGER

-1

Eviction Run Interval

timeBetweenEvictionRunsMillis

Apache Sling Connection Pooled DataSource org.apache.sling.datasource.DataSourceFactory :- Creates a DataSource services based on configuration provided. For more details on the various properties refer to http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#Common_Attributes

The number of milliseconds to sleep between runs of the idle connectionvalidation/cleaner thread.

INTEGER

5000

Eviction Idle Time

minEvictableIdleTimeMillis

Apache Sling Connection Pooled DataSource org.apache.sling.datasource.DataSourceFactory :- Creates a DataSource services based on configuration provided. For more details on the various properties refer to http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#Common_Attributes

The minimum amount of time an object may sit idle in the pool before it is eligible for eviction.

INTEGER

60000

Connection Properties

connectionProperties

Apache Sling Connection Pooled DataSource org.apache.sling.datasource.DataSourceFactory :- Creates a DataSource services based on configuration provided. For more details on the various properties refer to http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#Common_Attributes

The connection properties that will be sent to our JDBC driver when establishing new connections. Format of the string must be [propertyName=property;]* NOTE - The "user" and "password" propertieswill be passed explicitly, so they do not need to be included here.

STRING

Init Sql

initSQL

Apache Sling Connection Pooled DataSource org.apache.sling.datasource.DataSourceFactory :- Creates a DataSource services based on configuration provided. For more details on the various properties refer to http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#Common_Attributes

A custom query to be run when a connection is first created

STRING

JDBC Interceptors

jdbcInterceptors

Apache Sling Connection Pooled DataSource org.apache.sling.datasource.DataSourceFactory :- Creates a DataSource services based on configuration provided. For more details on the various properties refer to http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#Common_Attributes

A semicolon separated list of classnames of JDBCInterceptor. See http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#Configuring_JDBC_interceptors for more details

STRING

StatementCache;SlowQueryReport(threshold=10000);ConnectionState

Validation Interval

validationInterval

Apache Sling Connection Pooled DataSource org.apache.sling.datasource.DataSourceFactory :- Creates a DataSource services based on configuration provided. For more details on the various properties refer to http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#Common_Attributes

avoid excess validation, only run validation at most at this frequency - time in milliseconds. If a connection is due for validation, but has been validated previously within this interval, it will not be validated again.

INTEGER

30000

Log Validation Error

logValidationErrors

Apache Sling Connection Pooled DataSource org.apache.sling.datasource.DataSourceFactory :- Creates a DataSource services based on configuration provided. For more details on the various properties refer to http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#Common_Attributes

Set this to true to log errors during the validation phase to the log file

BOOLEAN

true

Additional Properties

datasource.svc.properties

Apache Sling Connection Pooled DataSource org.apache.sling.datasource.DataSourceFactory :- Creates a DataSource services based on configuration provided. For more details on the various properties refer to http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#Common_Attributes

Properties that are added additionally to the underlying DataSource provider(name=value pairs). Refer to http://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#Common_Attributes for various property names and details.

STRING

Datasource name(*)

datasource.name

Apache Sling JNDI DataSource org.apache.sling.datasource.JNDIDataSourceFactory :- Registers a DataSource instance with OSGi ServiceRegistry which is looked up from the JNDI

Name of this data source (required)

STRING

DataSource Service Property Name

datasource.svc.prop.name

Apache Sling JNDI DataSource org.apache.sling.datasource.JNDIDataSourceFactory :- Registers a DataSource instance with OSGi ServiceRegistry which is looked up from the JNDI

Name of the service property which would store the DataSource Name whileregistering the DataSource instance as OSGi service

STRING

datasource.name

JNDI Name (*)

datasource.jndi.name

Apache Sling JNDI DataSource org.apache.sling.datasource.JNDIDataSourceFactory :- Registers a DataSource instance with OSGi ServiceRegistry which is looked up from the JNDI

JNDI location name used to perform DataSource instance lookup

STRING

JNDI Properties

jndi.properties

Apache Sling JNDI DataSource org.apache.sling.datasource.JNDIDataSourceFactory :- Registers a DataSource instance with OSGi ServiceRegistry which is looked up from the JNDI

Set the environment for the JNDI InitialContext i.e. properties passed on to InitialContext for performing the JNDI instance lookup. Each row form a map entry where each row format be propertyName=property e.g. java.naming.factory.initial=exampleFactory

Apache Felix Http Service SSL Filter org.apache.felix.http.sslfilter.SslFilter :- Configuration for the Http Service SSL Filter. Please consult the documentation of your proxy for the actual headers and values to use.

HTTP Request header name that indicates a request is a SSL request terminated at a proxy between the client and the originating server. The default value is 'X-Forwarded-SSL' as is customarily used in the wild. Other commonly used names are: 'X-Forwarded-Proto' (Amazon ELB), 'X-Forwarded-Protocol' (alternative), and 'Front-End-Https' (Microsoft IIS).

STRING

X-Forwarded-SSL

SSL forward value

ssl-forward.value

Apache Felix Http Service SSL Filter org.apache.felix.http.sslfilter.SslFilter :- Configuration for the Http Service SSL Filter. Please consult the documentation of your proxy for the actual headers and values to use.

HTTP Request header value that indicates a request is a SSL request terminated at a proxy. The default value is 'on'. Another commonly used value is 'https'.

STRING

on

SSL client header

ssl-forward-cert.header

Apache Felix Http Service SSL Filter org.apache.felix.http.sslfilter.SslFilter :- Configuration for the Http Service SSL Filter. Please consult the documentation of your proxy for the actual headers and values to use.

HTTP Request header name that contains the client certificate forwarded by a proxy. The default value is 'X-Forwarded-SSL-Certificate'. Another commonly used value is 'X-Forwarded-SSL-Client-Cert'.

Provides mappings from service name to user names. Each entry is of the form 'bundleId [ ":" subServiceName ] "=" userName' where bundleId and subServiceName identify the service and userName defines the name of the user to provide to the service. Invalid entries are logged and ignored.

Provides mappings from service name to user names. Each entry is of the form 'bundleId [ ":" subServiceName ] "=" userName' where bundleId and subServiceName identify the service and userName defines the name of the user to provide to the service. Invalid entries are logged and ignored.

Returns the maximum depth of group nesting when membership relations are synced. A value of 0 effectively disables group membership lookup. A value of 1 only adds the direct groups of a user. This value has no effect when syncing individual groups only when syncing a users membership ancestry.

The realm name (or application name) against which the LoginModule is be registered. If no realm name is provided then LoginModule is registered with a default realm as configured in the Felix JAAS configuration.

Apache Jackrabbit Oak StatisticsProviderFactory org.apache.jackrabbit.oak.plugins.metric.StatisticsProviderFactory :- Creates a statistics providers used by Oak. By default if checks if Metrics (See http://metrics.dropwizard.io) library is present then that is used. Otherwise it fallbacks to default

Configuration option to enable autosave behavior. Note: this config option is present for backwards compatibility with Jackrabbit 2.x and should only be used for broken code that doesn't properly verify the autosave behavior (see Jackrabbit API). If this option is turned on autosave will be enabled by default; otherwise autosave is not supported.

Maximum number of passwords recorded for a user after changing her password (NOTE: upper limit is 1000). When changing the password the new password must not be present in the password history. A value of 0 indicates no password history is recorded.

Optional configuration defining the number of milliseconds until the principal cache expires (NOTE: currently only respected for principal resolution with the internal system session such as used for login). If not set or equal/lower than zero no caches are created/evaluated.

LONG

0

Mongo URI

mongouri

Apache Jackrabbit Oak Document NodeStore Service org.apache.jackrabbit.oak.plugins.document.DocumentNodeStoreService :- NodeStore implementation based on Document model. For configuration option refer to http://jackrabbit.apache.org/oak/docs/osgi_config.html#DocumentNodeStore. Note that for system stability purpose it is advisable to not change these settings at runtime. Instead the config change should be done via file system based config file and this view should ONLY be used to determine which options are supported

Mongo connection URI used to connect to Mongo. Refer to http://docs.mongodb.org/manual/reference/connection-string/ for details. Note that this value can be overridden via framework property 'oak.mongo.uri'

STRING

mongodb://localhost:27017/oak

Mongo DB name

db

Apache Jackrabbit Oak Document NodeStore Service org.apache.jackrabbit.oak.plugins.document.DocumentNodeStoreService :- NodeStore implementation based on Document model. For configuration option refer to http://jackrabbit.apache.org/oak/docs/osgi_config.html#DocumentNodeStore. Note that for system stability purpose it is advisable to not change these settings at runtime. Instead the config change should be done via file system based config file and this view should ONLY be used to determine which options are supported

Name of the database in Mongo. Note that this value can be overridden via framework property 'oak.mongo.db'

STRING

oak

Cache Size (in MB)

cache

Apache Jackrabbit Oak Document NodeStore Service org.apache.jackrabbit.oak.plugins.document.DocumentNodeStoreService :- NodeStore implementation based on Document model. For configuration option refer to http://jackrabbit.apache.org/oak/docs/osgi_config.html#DocumentNodeStore. Note that for system stability purpose it is advisable to not change these settings at runtime. Instead the config change should be done via file system based config file and this view should ONLY be used to determine which options are supported

Cache size in MB. This is distributed among various caches used in DocumentNodeStore

INTEGER

256

NodeState Cache

nodeCachePercentage

Apache Jackrabbit Oak Document NodeStore Service org.apache.jackrabbit.oak.plugins.document.DocumentNodeStoreService :- NodeStore implementation based on Document model. For configuration option refer to http://jackrabbit.apache.org/oak/docs/osgi_config.html#DocumentNodeStore. Note that for system stability purpose it is advisable to not change these settings at runtime. Instead the config change should be done via file system based config file and this view should ONLY be used to determine which options are supported

Percentage of cache to be allocated towards Node cache

INTEGER

25

PreviousDocument Cache

prevDocCachePercentage

Apache Jackrabbit Oak Document NodeStore Service org.apache.jackrabbit.oak.plugins.document.DocumentNodeStoreService :- NodeStore implementation based on Document model. For configuration option refer to http://jackrabbit.apache.org/oak/docs/osgi_config.html#DocumentNodeStore. Note that for system stability purpose it is advisable to not change these settings at runtime. Instead the config change should be done via file system based config file and this view should ONLY be used to determine which options are supported

Percentage of cache to be allocated towards Previous Document cache

INTEGER

4

NodeState Children Cache

childrenCachePercentage

Apache Jackrabbit Oak Document NodeStore Service org.apache.jackrabbit.oak.plugins.document.DocumentNodeStoreService :- NodeStore implementation based on Document model. For configuration option refer to http://jackrabbit.apache.org/oak/docs/osgi_config.html#DocumentNodeStore. Note that for system stability purpose it is advisable to not change these settings at runtime. Instead the config change should be done via file system based config file and this view should ONLY be used to determine which options are supported

Percentage of cache to be allocated towards Children cache

INTEGER

10

Diff Cache

diffCachePercentage

Apache Jackrabbit Oak Document NodeStore Service org.apache.jackrabbit.oak.plugins.document.DocumentNodeStoreService :- NodeStore implementation based on Document model. For configuration option refer to http://jackrabbit.apache.org/oak/docs/osgi_config.html#DocumentNodeStore. Note that for system stability purpose it is advisable to not change these settings at runtime. Instead the config change should be done via file system based config file and this view should ONLY be used to determine which options are supported

Percentage of cache to be allocated towards Diff cache

INTEGER

5

Document Children Cache

docChildrenCachePercentage

Apache Jackrabbit Oak Document NodeStore Service org.apache.jackrabbit.oak.plugins.document.DocumentNodeStoreService :- NodeStore implementation based on Document model. For configuration option refer to http://jackrabbit.apache.org/oak/docs/osgi_config.html#DocumentNodeStore. Note that for system stability purpose it is advisable to not change these settings at runtime. Instead the config change should be done via file system based config file and this view should ONLY be used to determine which options are supported

Percentage of cache to be allocated towards Document children cache

INTEGER

3

LIRS Cache Segment Count

cacheSegmentCount

Apache Jackrabbit Oak Document NodeStore Service org.apache.jackrabbit.oak.plugins.document.DocumentNodeStoreService :- NodeStore implementation based on Document model. For configuration option refer to http://jackrabbit.apache.org/oak/docs/osgi_config.html#DocumentNodeStore. Note that for system stability purpose it is advisable to not change these settings at runtime. Instead the config change should be done via file system based config file and this view should ONLY be used to determine which options are supported

The number of segments in the LIRS cache (default 16, a higher count means higher concurrency but slightly lower cache hit rate)

INTEGER

16

LIRS Cache Stack Move Distance

cacheStackMoveDistance

Apache Jackrabbit Oak Document NodeStore Service org.apache.jackrabbit.oak.plugins.document.DocumentNodeStoreService :- NodeStore implementation based on Document model. For configuration option refer to http://jackrabbit.apache.org/oak/docs/osgi_config.html#DocumentNodeStore. Note that for system stability purpose it is advisable to not change these settings at runtime. Instead the config change should be done via file system based config file and this view should ONLY be used to determine which options are supported

The delay to move entries to the head of the queue in the LIRS cache (default 16, a higher value means higher concurrency but slightly lower cache hit rate)

INTEGER

16

Blob Cache Size (in MB)

blobCacheSize

Apache Jackrabbit Oak Document NodeStore Service org.apache.jackrabbit.oak.plugins.document.DocumentNodeStoreService :- NodeStore implementation based on Document model. For configuration option refer to http://jackrabbit.apache.org/oak/docs/osgi_config.html#DocumentNodeStore. Note that for system stability purpose it is advisable to not change these settings at runtime. Instead the config change should be done via file system based config file and this view should ONLY be used to determine which options are supported

Cache size to store blobs in memory. Used only with default BlobStore (as per DocumentStore type)

INTEGER

16

Persistent Cache Config

persistentCache

Apache Jackrabbit Oak Document NodeStore Service org.apache.jackrabbit.oak.plugins.document.DocumentNodeStoreService :- NodeStore implementation based on Document model. For configuration option refer to http://jackrabbit.apache.org/oak/docs/osgi_config.html#DocumentNodeStore. Note that for system stability purpose it is advisable to not change these settings at runtime. Instead the config change should be done via file system based config file and this view should ONLY be used to determine which options are supported

Configuration for enabling Persistent cache. By default it is not enabled. Refer to http://jackrabbit.apache.org/oak/docs/nodestore/persistent-cache.html for various options

STRING

Custom BlobStore

customBlobStore

Apache Jackrabbit Oak Document NodeStore Service org.apache.jackrabbit.oak.plugins.document.DocumentNodeStoreService :- NodeStore implementation based on Document model. For configuration option refer to http://jackrabbit.apache.org/oak/docs/osgi_config.html#DocumentNodeStore. Note that for system stability purpose it is advisable to not change these settings at runtime. Instead the config change should be done via file system based config file and this view should ONLY be used to determine which options are supported

Boolean value indicating that a custom BlobStore is to be used. By default, for MongoDB, MongoBlobStore is used; for RDB, RDBBlobStore is used.

BOOLEAN

false

Journal Garbage Collection Interval (millis)

journalGCInterval

Apache Jackrabbit Oak Document NodeStore Service org.apache.jackrabbit.oak.plugins.document.DocumentNodeStoreService :- NodeStore implementation based on Document model. For configuration option refer to http://jackrabbit.apache.org/oak/docs/osgi_config.html#DocumentNodeStore. Note that for system stability purpose it is advisable to not change these settings at runtime. Instead the config change should be done via file system based config file and this view should ONLY be used to determine which options are supported

Long value indicating interval (in milliseconds) with which the journal (for external changes) is cleaned up. Default is 300000

LONG

300000

Maximum Age of Journal Entries (millis)

journalGCMaxAge

Apache Jackrabbit Oak Document NodeStore Service org.apache.jackrabbit.oak.plugins.document.DocumentNodeStoreService :- NodeStore implementation based on Document model. For configuration option refer to http://jackrabbit.apache.org/oak/docs/osgi_config.html#DocumentNodeStore. Note that for system stability purpose it is advisable to not change these settings at runtime. Instead the config change should be done via file system based config file and this view should ONLY be used to determine which options are supported

Apache Jackrabbit Oak Document NodeStore Service org.apache.jackrabbit.oak.plugins.document.DocumentNodeStoreService :- NodeStore implementation based on Document model. For configuration option refer to http://jackrabbit.apache.org/oak/docs/osgi_config.html#DocumentNodeStore. Note that for system stability purpose it is advisable to not change these settings at runtime. Instead the config change should be done via file system based config file and this view should ONLY be used to determine which options are supported

The journal gc queries the journal for entries older than configured to delete them. It does so in batches to speed up the process. The batch size can be configured via this property. The trade-off is between reducing number of operations with a larger batch size, and consuming more memory less memory with a smaller batch size.

INTEGER

100

Version GC Max Age (in secs)

versionGcMaxAgeInSecs

Apache Jackrabbit Oak Document NodeStore Service org.apache.jackrabbit.oak.plugins.document.DocumentNodeStoreService :- NodeStore implementation based on Document model. For configuration option refer to http://jackrabbit.apache.org/oak/docs/osgi_config.html#DocumentNodeStore. Note that for system stability purpose it is advisable to not change these settings at runtime. Instead the config change should be done via file system based config file and this view should ONLY be used to determine which options are supported

Version Garbage Collector (GC) logic will only consider those deleted for GC which are not accessed recently (currentTime - lastModifiedTime > versionGcMaxAgeInSecs). For example as per default only those document which have been *marked* deleted 24 hrs ago will be considered for GC. This also applies how older revision of live document are GC.

LONG

86400

Blob GC Max Age (in secs)

blobGcMaxAgeInSecs

Apache Jackrabbit Oak Document NodeStore Service org.apache.jackrabbit.oak.plugins.document.DocumentNodeStoreService :- NodeStore implementation based on Document model. For configuration option refer to http://jackrabbit.apache.org/oak/docs/osgi_config.html#DocumentNodeStore. Note that for system stability purpose it is advisable to not change these settings at runtime. Instead the config change should be done via file system based config file and this view should ONLY be used to determine which options are supported

Blob Garbage Collector (GC) logic will only consider those blobs for GC which are not accessed recently (currentTime - lastModifiedTime > blobGcMaxAgeInSecs). For example as per default only those blobs which have been created 24 hrs ago will be considered for GC

LONG

86400

Max Replication Lag (in secs)

maxReplicationLagInSecs

Apache Jackrabbit Oak Document NodeStore Service org.apache.jackrabbit.oak.plugins.document.DocumentNodeStoreService :- NodeStore implementation based on Document model. For configuration option refer to http://jackrabbit.apache.org/oak/docs/osgi_config.html#DocumentNodeStore. Note that for system stability purpose it is advisable to not change these settings at runtime. Instead the config change should be done via file system based config file and this view should ONLY be used to determine which options are supported

Value in seconds. Determines the duration beyond which it can be safely assumed that the state on the secondaries is consistent with the primary, and it is safe to read from them

LONG

21600

DocumentStore Type

documentStoreType

Apache Jackrabbit Oak Document NodeStore Service org.apache.jackrabbit.oak.plugins.document.DocumentNodeStoreService :- NodeStore implementation based on Document model. For configuration option refer to http://jackrabbit.apache.org/oak/docs/osgi_config.html#DocumentNodeStore. Note that for system stability purpose it is advisable to not change these settings at runtime. Instead the config change should be done via file system based config file and this view should ONLY be used to determine which options are supported

The SecurityProvider will not register itself unless the services identified by these PIDs are registered first. Only the PIDs of implementations of the following interfaces are checked: AuthorizationConfiguration, PrincipalConfiguration, TokenConfiguration, AuthorizableActionProvider, RestrictionProvider and UserAuthenticationFactory.

Limit for number of boolean clauses generated for handling of OR query

INTEGER

1024

Directory

repository.home

Apache Jackrabbit Oak Segment NodeStore Service org.apache.jackrabbit.oak.plugins.segment.SegmentNodeStoreService :- NodeStore implementation based on Document model. For configuration option refer to http://jackrabbit.apache.org/oak/docs/osgi_config.html#SegmentNodeStore. Note that for system stability purpose it is advisable to not change these settings at runtime. Instead the config change should be done via file system based config file and this view should ONLY be used to determine which options are supported

Directory location used to store the segment tar files. If not specified then looks for framework property 'repository.home' otherwise use a subdirectory with name 'tarmk'

STRING

Mode

tarmk.mode

Apache Jackrabbit Oak Segment NodeStore Service org.apache.jackrabbit.oak.plugins.segment.SegmentNodeStoreService :- NodeStore implementation based on Document model. For configuration option refer to http://jackrabbit.apache.org/oak/docs/osgi_config.html#SegmentNodeStore. Note that for system stability purpose it is advisable to not change these settings at runtime. Instead the config change should be done via file system based config file and this view should ONLY be used to determine which options are supported

TarMK mode (64 for memory mapping, 32 for normal file access)

STRING

Maximum Tar File Size (MB)

tarmk.size

Apache Jackrabbit Oak Segment NodeStore Service org.apache.jackrabbit.oak.plugins.segment.SegmentNodeStoreService :- NodeStore implementation based on Document model. For configuration option refer to http://jackrabbit.apache.org/oak/docs/osgi_config.html#SegmentNodeStore. Note that for system stability purpose it is advisable to not change these settings at runtime. Instead the config change should be done via file system based config file and this view should ONLY be used to determine which options are supported

TarMK maximum file size (MB)

INTEGER

256

Cache size (MB)

cache

Apache Jackrabbit Oak Segment NodeStore Service org.apache.jackrabbit.oak.plugins.segment.SegmentNodeStoreService :- NodeStore implementation based on Document model. For configuration option refer to http://jackrabbit.apache.org/oak/docs/osgi_config.html#SegmentNodeStore. Note that for system stability purpose it is advisable to not change these settings at runtime. Instead the config change should be done via file system based config file and this view should ONLY be used to determine which options are supported

Cache size for storing most recently used Segments

INTEGER

256

Clone Binaries

compaction.cloneBinaries

Apache Jackrabbit Oak Segment NodeStore Service org.apache.jackrabbit.oak.plugins.segment.SegmentNodeStoreService :- NodeStore implementation based on Document model. For configuration option refer to http://jackrabbit.apache.org/oak/docs/osgi_config.html#SegmentNodeStore. Note that for system stability purpose it is advisable to not change these settings at runtime. Instead the config change should be done via file system based config file and this view should ONLY be used to determine which options are supported

Clone the binary segments while performing compaction

BOOLEAN

false

Cleanup Strategy

compaction.cleanup

Apache Jackrabbit Oak Segment NodeStore Service org.apache.jackrabbit.oak.plugins.segment.SegmentNodeStoreService :- NodeStore implementation based on Document model. For configuration option refer to http://jackrabbit.apache.org/oak/docs/osgi_config.html#SegmentNodeStore. Note that for system stability purpose it is advisable to not change these settings at runtime. Instead the config change should be done via file system based config file and this view should ONLY be used to determine which options are supported

Cleanup strategy used for live in memory segment references while performing cleanup. 1. CLEAN_NONE: All in memory references are considered valid, 2. CLEAN_OLD: Only in memory references older than a certain age are considered valid (compaction.cleanup.timestamp), 3. CLEAN_ALL: None of the in memory references are considered valid

STRING

CLEAN_OLD

CLEAN_ALL -- CLEAN_ALLCLEAN_NONE -- CLEAN_NONECLEAN_OLD -- CLEAN_OLD

Reference expiry time (ms)

compaction.cleanup.timestamp

Apache Jackrabbit Oak Segment NodeStore Service org.apache.jackrabbit.oak.plugins.segment.SegmentNodeStoreService :- NodeStore implementation based on Document model. For configuration option refer to http://jackrabbit.apache.org/oak/docs/osgi_config.html#SegmentNodeStore. Note that for system stability purpose it is advisable to not change these settings at runtime. Instead the config change should be done via file system based config file and this view should ONLY be used to determine which options are supported

Time interval in ms beyond which in memory segment references would be ignored while performing cleanup

LONG

36000000

Memory Multiplier

compaction.memoryThreshold

Apache Jackrabbit Oak Segment NodeStore Service org.apache.jackrabbit.oak.plugins.segment.SegmentNodeStoreService :- NodeStore implementation based on Document model. For configuration option refer to http://jackrabbit.apache.org/oak/docs/osgi_config.html#SegmentNodeStore. Note that for system stability purpose it is advisable to not change these settings at runtime. Instead the config change should be done via file system based config file and this view should ONLY be used to determine which options are supported

TarMK compaction available memory multiplier needed to run compaction

BYTE

5

Compaction gain threshold

compaction.gainThreshold

Apache Jackrabbit Oak Segment NodeStore Service org.apache.jackrabbit.oak.plugins.segment.SegmentNodeStoreService :- NodeStore implementation based on Document model. For configuration option refer to http://jackrabbit.apache.org/oak/docs/osgi_config.html#SegmentNodeStore. Note that for system stability purpose it is advisable to not change these settings at runtime. Instead the config change should be done via file system based config file and this view should ONLY be used to determine which options are supported

TarMK compaction gain threshold. The gain estimation prevents compaction from running if the provided threshold is not met. Value represents a percentage so an input beween 0 and 100 is expected.

BYTE

10

Pause Compaction

pauseCompaction

Apache Jackrabbit Oak Segment NodeStore Service org.apache.jackrabbit.oak.plugins.segment.SegmentNodeStoreService :- NodeStore implementation based on Document model. For configuration option refer to http://jackrabbit.apache.org/oak/docs/osgi_config.html#SegmentNodeStore. Note that for system stability purpose it is advisable to not change these settings at runtime. Instead the config change should be done via file system based config file and this view should ONLY be used to determine which options are supported

When enabled compaction would not be performed

BOOLEAN

true

Compaction Retries

compaction.retryCount

Apache Jackrabbit Oak Segment NodeStore Service org.apache.jackrabbit.oak.plugins.segment.SegmentNodeStoreService :- NodeStore implementation based on Document model. For configuration option refer to http://jackrabbit.apache.org/oak/docs/osgi_config.html#SegmentNodeStore. Note that for system stability purpose it is advisable to not change these settings at runtime. Instead the config change should be done via file system based config file and this view should ONLY be used to determine which options are supported

Number of tries to compact concurrent commits on top of already compacted commits

INTEGER

5

Force Compaction

compaction.forceAfterFail

Apache Jackrabbit Oak Segment NodeStore Service org.apache.jackrabbit.oak.plugins.segment.SegmentNodeStoreService :- NodeStore implementation based on Document model. For configuration option refer to http://jackrabbit.apache.org/oak/docs/osgi_config.html#SegmentNodeStore. Note that for system stability purpose it is advisable to not change these settings at runtime. Instead the config change should be done via file system based config file and this view should ONLY be used to determine which options are supported

Whether or not to force compact concurrent commits on top of already compacted commits after the maximum number of retries has been reached. Force committing tries to exclusively write lock the node store.

BOOLEAN

false

Compaction Lock Wait Time

compaction.lockWaitTime

Apache Jackrabbit Oak Segment NodeStore Service org.apache.jackrabbit.oak.plugins.segment.SegmentNodeStoreService :- NodeStore implementation based on Document model. For configuration option refer to http://jackrabbit.apache.org/oak/docs/osgi_config.html#SegmentNodeStore. Note that for system stability purpose it is advisable to not change these settings at runtime. Instead the config change should be done via file system based config file and this view should ONLY be used to determine which options are supported

Number of seconds to wait for the lock for committing compacted changes respectively to wait for the exclusive write lock for force committing.

INTEGER

60

Persist Compaction Map

persistCompactionMap

Apache Jackrabbit Oak Segment NodeStore Service org.apache.jackrabbit.oak.plugins.segment.SegmentNodeStoreService :- NodeStore implementation based on Document model. For configuration option refer to http://jackrabbit.apache.org/oak/docs/osgi_config.html#SegmentNodeStore. Note that for system stability purpose it is advisable to not change these settings at runtime. Instead the config change should be done via file system based config file and this view should ONLY be used to determine which options are supported

When enabled the compaction map would be persisted instead of being held in memory

BOOLEAN

true

Standby Mode

standby

Apache Jackrabbit Oak Segment NodeStore Service org.apache.jackrabbit.oak.plugins.segment.SegmentNodeStoreService :- NodeStore implementation based on Document model. For configuration option refer to http://jackrabbit.apache.org/oak/docs/osgi_config.html#SegmentNodeStore. Note that for system stability purpose it is advisable to not change these settings at runtime. Instead the config change should be done via file system based config file and this view should ONLY be used to determine which options are supported

Flag indicating that this component will not register as a NodeStore but just as a NodeStoreProvider

BOOLEAN

false

Custom BlobStore

customBlobStore

Apache Jackrabbit Oak Segment NodeStore Service org.apache.jackrabbit.oak.plugins.segment.SegmentNodeStoreService :- NodeStore implementation based on Document model. For configuration option refer to http://jackrabbit.apache.org/oak/docs/osgi_config.html#SegmentNodeStore. Note that for system stability purpose it is advisable to not change these settings at runtime. Instead the config change should be done via file system based config file and this view should ONLY be used to determine which options are supported

Boolean value indicating that a custom BlobStore is to be used. By default large binary content would be stored within segment tar files

BOOLEAN

false

Blob GC Max Age (in secs)

blobGcMaxAgeInSecs

Apache Jackrabbit Oak Segment NodeStore Service org.apache.jackrabbit.oak.plugins.segment.SegmentNodeStoreService :- NodeStore implementation based on Document model. For configuration option refer to http://jackrabbit.apache.org/oak/docs/osgi_config.html#SegmentNodeStore. Note that for system stability purpose it is advisable to not change these settings at runtime. Instead the config change should be done via file system based config file and this view should ONLY be used to determine which options are supported

Blob Garbage Collector (GC) logic will only consider those blobs for GC which are not accessed recently (currentTime - lastModifiedTime > blobGcMaxAgeInSecs). For example as per default only those blobs which have been created 24 hrs ago will be considered for GC

Names of users granted full access to the Apache Felix Web Console. By default this lists the "admin" user. A maximum of 20 users may be configured. Administrators are encouraged to create a group whose members are to be granted access to Web Console instead of allowing access to individual users.

Names of groups whose members are granted full access to the Apache Felix Web Console. The default lists no groups. Administrators are encouraged to create a group whose members are to be granted access to the Web Console. A maximum of 20 groups may be configured. Using groups to control access requires a Jackrabbit based repository.

STRING

Initial Context Factory

java.naming.factory.initial

Apache Sling JCR Repository JNDI Registrar org.apache.sling.jcr.jackrabbit.server.JndiRegistrationSupport :- The JNDI Registrar listens for embedded repositories to be registered as services and registers them in the JNDI context under the name specified in the "name" service property.

The fully qualified class name of the factory class that will create an initial context.

STRING

org.apache.jackrabbit.core.jndi.provider.DummyInitialContextFactory

Provider URL

java.naming.provider.url

Apache Sling JCR Repository JNDI Registrar org.apache.sling.jcr.jackrabbit.server.JndiRegistrationSupport :- The JNDI Registrar listens for embedded repositories to be registered as services and registers them in the JNDI context under the name specified in the "name" service property.

An URL string for the service provider (e.g. "ldap://somehost:389").

STRING

http://sling.apache.org

Port Number

port

Apache Sling JCR Repository RMI Registrar org.apache.sling.jcr.jackrabbit.server.RmiRegistrationSupport :- The RMI Registrar listens for embedded repositories to be registered as services and registers them in an RMI registry under the name specified in the "name" service property.

Port number of the RMI registry to use. The RMI Registrar first tries to create a private RMI registry at this port. If this fails, an existing registry is tried to connect at this port on local host. If this number is negative, the RMI Registrar is disabled. If this number is higher than 65535, an error message is logged and the RMI Registrar is also disabled. If this number is zero, the system default RMI Registry port 1099 is used.

INTEGER

1099

Enable

cluster.level.enable

Day CQ Cluster Based Start Level Controller com.day.cq.jcrclustersupport.ClusterStartLevelController :- Controls the OSGi Framework start level based on whether the bound repository is the Cluster Master or Slave repository.

Whether to enable or not the start level controller. Default is "true". If the start level controller is disabled the OSGi Framework start level is not changed by this component.

BOOLEAN

true

Master Start Level

cluster.master.level

Day CQ Cluster Based Start Level Controller com.day.cq.jcrclustersupport.ClusterStartLevelController :- Controls the OSGi Framework start level based on whether the bound repository is the Cluster Master or Slave repository.

The start level to switch the framework to if the bound repository is the Cluster Master node. Default is "30".

INTEGER

30

Master Start Level

cluster.slave.level

Day CQ Cluster Based Start Level Controller com.day.cq.jcrclustersupport.ClusterStartLevelController :- Controls the OSGi Framework start level based on whether the bound repository is the Cluster Master or Slave repository.

The start level to switch the framework to if the bound repository is the Cluster Slave node. Default is "15". If this value is less than the providing bundle's current start level, the start level of the bundle is changed to this configured value to ensure the bundle remains started after swichting the start level. In addition, it is suggested to set the OSGi framework initial startlevel to this same startlevel. This can be accomplished by setting the "org.osgi.framework.startlevel.beginning" in the sling.properties file to this value.

JCRInstall looks in repository folders having a name that match this regular expression (under the root paths, which are defined by the ResourceResolver search path) for resources to install. Folders having names that match this expression, followed by dotted run mode selectors (like "install.author.production") are also included.

List of paths under which jcrinstall looks for installable resources. Combined with the installations folders name regexp to select folders for scanning. Each path is followed by a colon and the priority of resources found under that path, resources with higher values override resources with lower values which represent the same OSGi entity (configuration, bundle, etc).

Path of the node in repository whose children would be watched for determining if the watch folder scanning has to be performed or not. If any child node is found at this path then scanning would be paused.

Host name (or IP Address) and port of the HTTP Proxy. in the format host:port, e.g. proxy.corp.com:3128. This property is ignored if HTTP Proxying is disabled. This property does not have default value. Enabling HTTP Proxying but not setting the HTTP Proxy Host causes HTTP Proxying to actually be disabled.

The name of the user to authenticate as with the HTTP Proxy Host. If this field is empty, the proxy is considered to not be authenticated. The default is empty. This property is ignored if proxying is disabled or the proxy host is not properly configured.

The host the authentication request is originating from. Essentially, the computer name for this machine. By default the credentials assume simple username password authentication. If the proxy happens to be a Microsoft IIS Server using NTLM authentication this property must be set to the NT Domain name of the user to authenticate as. This is not set by default.

The NTLM domain to authenticate within. By default the credentials assume simple username password authentication. If the proxy happens to be a Microsoft IIS Server using NTLM authentication this property must be set to the NT Domain name of the user to authenticate as. This is not set by default.

Lists domain names, host names, IP Addresses or or network addresses for which the HTTP Proxy Host should not be used. A domain name indicating all hosts of a domain is indicated by a leading dot, e.g. ".day.com". A network address is indicated with subnet mask notation indicating the number of bits make up the network address, e.g 192.168.1.0/24 means the class C network "192.168.1". Note that for proxy selection, the host name of URL is not resolved but directly compared to the list of exceptions. For this reason you might want to indicate both the network address and the domain for targets which should not be passed through the proxy. This property has no effect if HTTP Proxying is disabled. The default value is [ localhost, 127.0.0.1 ].

Host name (or IP Address) of the HTTP Proxy. This property is ignored if this proxy configuration is disabled. This property does not have a default value. Enabling this proxy but not setting the HTTP Proxy Host effectively disables this configuration.

TCP port of the HTTP Proxy. This property is ignored if this proxy configuration is disabled. This property does not have a default value. Enabling this proxy but not setting the HTTP Proxy Port effectively disables this configuration.

The name of the user to authenticate as with the HTTP Proxy Host. If this field is empty, the proxy is considered to not be authenticated. The default is empty. This property is ignored if proxying is disabled or the proxy host is not properly configured.

Lists domain names, host names, IP Addresses or or network addresses for which this proxy configuration should not be used. A domain name indicating all hosts of a domain is indicated by a leading dot, e.g. ".day.com". A network address is indicated with subnet mask notation indicating the number of bits make up the network address, e.g 192.168.1.0/24 means the class C network "192.168.1". Note that for proxy selection, the host name of URL is not resolved but directly compared to the list of exceptions. For this reason you might want to indicate both the network address and the domain for targets which should not be passed through the proxy. This property has no effect if this proxy configuration is disabled. The default value is [ localhost, 127.0.0.1 ].

STRING

localhost127.0.0.1

Impersonation Cookie

auth.sudo.cookie

Apache Sling Authentication Service org.apache.sling.engine.impl.auth.SlingAuthenticator :- Extracts user authentication details from the request with the help of authentication handlers registered as separate services. One example of such an authentication handler is the handler HTTP Authorization header contained authentication.

The name the HTTP Cookie to set with the value of the user which is to be impersonated. This cookie will always be a session cookie.

STRING

sling.sudo

Impersonation Parameter

auth.sudo.parameter

Apache Sling Authentication Service org.apache.sling.engine.impl.auth.SlingAuthenticator :- Extracts user authentication details from the request with the help of authentication handlers registered as separate services. One example of such an authentication handler is the handler HTTP Authorization header contained authentication.

The name of the request parameter initiating impersonation. Setting this parameter to a user id will result in using an impersonated session (instead of the actually authenticated session) and set a session cookie of the name defined in the Impersonation Cookie setting.

STRING

sudo

Allow Anonymous Access

auth.annonymous

Apache Sling Authentication Service org.apache.sling.engine.impl.auth.SlingAuthenticator :- Extracts user authentication details from the request with the help of authentication handlers registered as separate services. One example of such an authentication handler is the handler HTTP Authorization header contained authentication.

Whether default access as anonymous when no credentials are present in the request is allowed. The default value is "true" to allow access without credentials. When set to "false" access to the repository is only allowed if valid credentials are presented. The value of this configuration option is added to list of Authentication Requirements and needs not be explicitly listed. If anonymous access is allowed the entry added is "-/". Otherwise anonymous access is denied and "+/" is added to the list.

BOOLEAN

true

Authentication Requirements

sling.auth.requirements

Apache Sling Authentication Service org.apache.sling.engine.impl.auth.SlingAuthenticator :- Extracts user authentication details from the request with the help of authentication handlers registered as separate services. One example of such an authentication handler is the handler HTTP Authorization header contained authentication.

Defines URL space subtrees which require or don't require authentication. For any request the best matching path configured applies and defines whether authentication is actually required for the request or not. Each entry in this list can be an absolute path (such as /content) or and absolute URI (such as http://thehost/content). Optionally each entry may be prefixed by a plus (+) or minus (-) sign indicating that authentication is required (plus) or not required (minus). Example entries are "/content" or "+/content" to require authentication at and below "/content" and "-/system/sling/login" to not require authentication at and below "/system/sling/login". By default this list is empty. This list is extended at run time with additional entries: One entry is added for the "Allow Anonymous Access" configuration. Other entries are added for any services setting the "sling.auth.requirements" service registration property.

STRING

Anonymous User Name

sling.auth.anonymous.user

Apache Sling Authentication Service org.apache.sling.engine.impl.auth.SlingAuthenticator :- Extracts user authentication details from the request with the help of authentication handlers registered as separate services. One example of such an authentication handler is the handler HTTP Authorization header contained authentication.

Defines which user name to assume for anonymous requests, that is requests not providing credentials supported by any of the registered authentication handlers. If this property is missing or empty, the default is assumed which depends on the resource provider(s). Otherwise anonymous requests are handled with this user name. If the configured user name does not exist or is not allowed to access the resource data, anonymous requests may still be blocked. If anonymous access is not allowed, this property is ignored.

STRING

Anonymous User Password

sling.auth.anonymous.password

Apache Sling Authentication Service org.apache.sling.engine.impl.auth.SlingAuthenticator :- Extracts user authentication details from the request with the help of authentication handlers registered as separate services. One example of such an authentication handler is the handler HTTP Authorization header contained authentication.

Password for the anonymous user defined in the Anonymous User Name field. This property is only used if a non-empty anonymous user name is configured. If this property is not defined but a password is required, an empty password would be assumed.

STRING

HTTP Basic Authentication

auth.http

Apache Sling Authentication Service org.apache.sling.engine.impl.auth.SlingAuthenticator :- Extracts user authentication details from the request with the help of authentication handlers registered as separate services. One example of such an authentication handler is the handler HTTP Authorization header contained authentication.

Level of support for HTTP Basic Authentication. Such support can be provided in three levels: (1) no support at all, that is disabled, (2) preemptive support, that is HTTP Basic Authentication is supported if the authentication header is set in the request, (3) full support. The default is preemptive support unless Anonymous Access is not allowed. In this case HTTP Basic Authentication is always enabled to ensure clients can authenticate at least with basic authentication.

Apache Sling Authentication Service org.apache.sling.engine.impl.auth.SlingAuthenticator :- Extracts user authentication details from the request with the help of authentication handlers registered as separate services. One example of such an authentication handler is the handler HTTP Authorization header contained authentication.

HTTP BASIC authentication realm. This property is only used if the HTTP Basic Authentication support is not disabled. The default value is "Sling (Development)".

STRING

Sling (Development)

Authentication URI Suffices

auth.uri.suffix

Apache Sling Authentication Service org.apache.sling.engine.impl.auth.SlingAuthenticator :- Extracts user authentication details from the request with the help of authentication handlers registered as separate services. One example of such an authentication handler is the handler HTTP Authorization header contained authentication.

A list of request URI suffixes intended to be handled by Authentication Handlers. Any request whose request URI ends with any one of the listed suffices is intended to be handled by an Authentication Handler causing the request to either be rejected or the client being redirected to another location and thus the request not being further processed after the authentication phase. The default is just "/j_security_check" which is the suffix defined by the Servlet API specification used for FORM based authentication.

Configure the timeout (in seconds) after which the SyncService gives up when it did not see sync tokens of peer instances in the cluster. The SyncService mechanism ensures switching to a new topology is handled synchronously in the cluster and if this timeout is hit, there is a risk of an instance not having noticed a new topology just yet. Default is 120 seconds.

When enabled, the SyncService that exchanges sync tokens upon every topology change is used. The SyncService ensures that a topology change event is only sent once all instances have indicated they are aware of the ongoing change. Disabling this results in the topology change events being sent out quicker, however without a synchronization guarantee.

Configure a minimal delay (in seconds) between TOPOLOGY_CHANGING and TOPOLOGY_CHANGED. Any further changes happening during this delay are accumulated and combined in the TOPOLOGY_CHANGED after this delay. This helps avoiding event-flooding. Default is 3 seconds. A negative value or zero disables this delay.

List of IPs and/or hostnames which are allowed to connect to the connector URL. There are four variants here: 1. provide a plain hostname. 2. provide an IP address. 3. provide a hostname or IP address with wildcards (* or ?). 4. provide an IP address with a subnet mask, either using the CIDR notation: 1.2.3.4/24 or an IP address, space, subnet mask: 1.2.3.4 255.255.255.0)

If true, and the discovery.impl detects a local-looping topology connector, the corresponding topology connector will be automatically stopped. This is useful to prevent unnecessary loops with eg pre-configured topology connectors.

If true, the payloads of topology connector requests will be gzipped. This is advisable on certain connector structures, eg in a tree structure, where a topology connector announces a large sub-topology. Note that this only works with the server running discovery.impl 1.0.4 and onwards. Replies are gzipped automatically.

If true, and the Shared Key is set to the same value on all members of the topology, the messages will be validated using a HMAC of a digest of the body of the message. The hmac and message digest are in the HTTP request and response headers. Both requests and responses are signed.

If Message HMACs are enabled and there is a shared key set, setting this to true will encrypt the body of the message using 128 bit AES encryption. Once encrypted you will not be able debug the messages at the http level.

If message signing and encryption is used, this should be set to the same value on all members of the same topology. If any member of the topology has a different key it will effectively be excluded from the topology even if it attempts to send messages to other members of the topology.

Shared keys for message signatures are derived from the configured shared key. Each derived key has a lifetime (TTL). Once that time has expired a new key is derived and used for hmac signatures. This setting, sets the TTL in ms. Keys that are 2 lifetimes old are ignored. Set according to you level of paranoia, but don't set to less than the greatest possible clock drift between members of the topology. The default is 4 hours. Setting to a ridiculously low value will increase the turnover of keys. Generating a key takes about 2ms. There is no risk of memory consumption with low values, only a risk of the topology falling apart due to incorrectly set clocks.

When a topology connector is in standby mode (ie when it is redundant), the heartbeat frequency is lowered, ie the heartbeatInterval for this connector is increased , at maximum by the backoffStandbyFactor

When a topology connector is stable (ie no changes occuring in the announcements sent), then the heartbeat frequency is lowered, ie the heartbeatInterval for this connector is steadily increased, at maximum by the backoffStableFactor.

Apache Sling Configured Feature org.apache.sling.featureflags.Feature :- Allows for the definition of statically configured features which are defined and enabled through OSGi configuration

Short name of this feature. This name is used to refer to this feature when checking for it to be enabled or not. This property is required and defaults to a name derived from the feature's class name and object identity. It is strongly recommended to define a useful and unique for the feature

STRING

Description

description

Apache Sling Configured Feature org.apache.sling.featureflags.Feature :- Allows for the definition of statically configured features which are defined and enabled through OSGi configuration

Description for the feature. The intent is to descibe the behaviour of the application if this feature would be enabled. It is recommended to define this property. The default value is the value of the name property.

STRING

Enabled

enabled

Apache Sling Configured Feature org.apache.sling.featureflags.Feature :- Allows for the definition of statically configured features which are defined and enabled through OSGi configuration

Boolean flag indicating whether the feature is enabled or not by this configuration

Defines an obtional path mapping for a path.Each mapping entry is expressed as follow: :. As an example: /foo:/libs, this maps the JCR node /foo to the resource /libs. If the resource path is specified as '.', the JCR tree is not visible in the resource tree. This should not be considered a security feature as the nodes are still accessible through the JCR api. Mapping a JCR path to the root is not allowed. The mappings are evaluated as ordered in the configuration.

Apache Sling JCR System User Validator org.apache.sling.jcr.resource.internal.JcrSystemUserValidator :- Enforces the usage of JCR system users for all user mappings being used in the 'Sling Service User Mapper Service'

If set to true, only user IDs bound to JCR system users are allowed in the user mappings of the 'Sling Service User Mapper Service'. Otherwise all users are allowed!

The list of absolute path prefixes applied to find resources whose path is just specified with a relative path. The default value is [ "/apps", "/libs" ]. If an empty path is specified a single entry path of [ "/" ] is assumed.

Defines whether namespace prefixes of resource names inside the path (e.g. "jcr:" in "/home/path/jcr:content") are mangled or not. Mangling means that any namespace prefix contained in the path is replaced as per the generic substitution pattern "/([^:]+):/_$1_/" when calling the "map" method of the resource resolver. Likewise the "resolve" methods will unmangle such namespace prefixes according to the substituation pattern "/_([^_]+)_/$1:/". This feature is provided since there may be systems out there in the wild which cannot cope with URLs containing colons, even though they are perfectly valid characters in the path part of URI references with a scheme. The default value of this property if no configuration is provided is "true".

A resource resolver factory is only available (registered) if all resource providers mentioned in this configuration are available. Each entry is either a service PID or a filter expression. Invalid filters are ignored.

List of mappings to apply to paths. Incoming mappings are applied to request paths to map to resource paths, outgoing mappings are applied to map resource paths to paths used on subsequent requests. Form is where is ">" for incoming mappings, " value indicating a mapping in both directions is deprecated.

This flag controls whether to optimize the alias resolution by creating an internal cache of aliases. This might have an impact on the startup time and on the alias update time if the number of aliases is huge (over 10000).

This setting can contain a list of path prefixes, e.g. /libs/, /content/. If such a list is configured, only vanity paths from resources starting with this prefix are considered. If the list is empty, all vanity paths are used.

This setting can contain a list of path prefixes, e.g. /misc/. If such a list is configured,vanity paths from resources starting with this prefix are not considered. If the list is empty, all vanity paths are used.

If this flag is enabled, an unregistration of a resource provider (not factory), is causing the resource resolver factory to restart, potentially cleaning up for memory leaks caused by objects hold from that resource provider.

Adobe Granite Authorizable Node Name Health Check com.adobe.granite.repository.hc.impl.AuthorizableNodeNameHealthCheck :- This health check verifies if the default node name generation for user/group nodes has been replace in order to avoid exposing the authorizable ID in the node name and path.

Adobe Granite OAuth Server Authentication Handler com.adobe.granite.oauth.server.auth.impl.OAuth2ServerAuthenticationHandler :- Authentication Handler for OAuth 2.0 (server side). Note that this Authentication Handler is only enabled if configuration exists and the Path property is not set to an empty string.

Repository path for which this authentication handler should be used by Sling. If this is empty, the authentication handler will be disabled. By default this is set to "/".

STRING

/

jaas.controlFlag.name

jaas.controlFlag

Adobe Granite OAuth Server Authentication Handler com.adobe.granite.oauth.server.auth.impl.OAuth2ServerAuthenticationHandler :- Authentication Handler for OAuth 2.0 (server side). Note that this Authentication Handler is only enabled if configuration exists and the Path property is not set to an empty string.

jaas.controlFlag.description

STRING

sufficient

jaas.realmName.name

jaas.realmName

Adobe Granite OAuth Server Authentication Handler com.adobe.granite.oauth.server.auth.impl.OAuth2ServerAuthenticationHandler :- Authentication Handler for OAuth 2.0 (server side). Note that this Authentication Handler is only enabled if configuration exists and the Path property is not set to an empty string.

jaas.realmName.description

STRING

jackrabbit.oak

jaas.ranking.name

jaas.ranking

Adobe Granite OAuth Server Authentication Handler com.adobe.granite.oauth.server.auth.impl.OAuth2ServerAuthenticationHandler :- Authentication Handler for OAuth 2.0 (server side). Note that this Authentication Handler is only enabled if configuration exists and the Path property is not set to an empty string.

jaas.ranking.description

INTEGER

1000

Offline Validation

oauth.offline.validation

Adobe Granite OAuth Server Authentication Handler com.adobe.granite.oauth.server.auth.impl.OAuth2ServerAuthenticationHandler :- Authentication Handler for OAuth 2.0 (server side). Note that this Authentication Handler is only enabled if configuration exists and the Path property is not set to an empty string.

Day CQ HTTP Header Authentication Handler com.day.cq.wcm.foundation.impl.HTTPAuthHandler :- Implements the authorization steps based on the Authorization header of the HTTP request. This authenticator supports the BASIC authentication method.

Repository path for which this authentication handler should be used by Sling. If this is empty, the authentication handler will be disabled.

STRING

/

Disable Login Page

auth.http.nologin

Day CQ HTTP Header Authentication Handler com.day.cq.wcm.foundation.impl.HTTPAuthHandler :- Implements the authorization steps based on the Authorization header of the HTTP request. This authenticator supports the BASIC authentication method.

Check this if the Login Page of this authenticator should be disabled or not. If not checked, the loing page is returned if a request to a page triggers the login mechanism. If this is checked, the login page is only returned if explicitly requested (for example by the login servlet at "/bin/login.html"). In author systems, this property is generally not checked, while on publish systems this property is checked to prevent presenting casual users with the login form.

BOOLEAN

false

HTTP Realm

auth.http.realm

Day CQ HTTP Header Authentication Handler com.day.cq.wcm.foundation.impl.HTTPAuthHandler :- Implements the authorization steps based on the Authorization header of the HTTP request. This authenticator supports the BASIC authentication method.

Name of the HTTP realm - this name is displayed in the login window to the user (and is a key for the client to cache the credentials).

STRING

Day Communique 5

Default Login Page

auth.default.loginpage

Day CQ HTTP Header Authentication Handler com.day.cq.wcm.foundation.impl.HTTPAuthHandler :- Implements the authorization steps based on the Authorization header of the HTTP request. This authenticator supports the BASIC authentication method.

Absolute path of the page to use to display the default login form. This page is rendered if no Closed User Group applies or the applicable Closed User Group does not declare its own login page. This property is used to render the page as is in an HTTP GET request. As such the value must included any necessary request extension such as ".html". The default value of this property is "/login", which is a vanity URL.

STRING

/libs/cq/core/content/login.html

Login Form Clients

auth.cred.form

Day CQ HTTP Header Authentication Handler com.day.cq.wcm.foundation.impl.HTTPAuthHandler :- Implements the authorization steps based on the Authorization header of the HTTP request. This authenticator supports the BASIC authentication method.

Lists identifiers of clients which are known to support form based HTTP (Basic) authentication. Such authentication presents a form and uses AJAX requests to validate the user name and password and assumes the client caches this information. This is only known to work in Firefox and some Internet Explorer browsers. The default value for this property therefore is [ "Firefox", "Shiretoko", "MSIE 7", "MSIE 6" ]. Changing this value is strongly discouraged because it may prevent login. All browsers not supporting form based HTTP (Basic) authentication will use regular HTTP (Basic) authentication using the 401/UNAUTHORIZED status code and the regular browser password dialog.

STRING

FirefoxShiretokoMSIE 7MSIE 6

UTF-8 Credentials

auth.cred.utf8

Day CQ HTTP Header Authentication Handler com.day.cq.wcm.foundation.impl.HTTPAuthHandler :- Implements the authorization steps based on the Authorization header of the HTTP request. This authenticator supports the BASIC authentication method.

Lists identifiers of clients which are known to encode non-ASCII credentials using UTF-8 character encoding. Clients whose User-Agent header does not contain one of the listed identifiers are assumed to encode the credentials using ISO-8859-1 character encoding. The default list of clients is [ "Firefox", "Shiretoko", "Chrome", "Opera", "curl", "Wget" ].

STRING

FirefoxShiretokoChromeOperacurlWget

CUG Exempted Principals

cug.exempted.principals

Day CQ Closed User Group (CUG) Support com.day.cq.auth.impl.cug.CugSupportImpl :- Configures the support for Closed User Groups. Please note, that Closed User Group configuration must be available for Closed User Group support to be available at all. In addition, existing Closed User Group configuration may still disable Closed User Groups by setting the "Enable CUG Roots" property to false. This may for example be used to preserve the list of exempted principals while still (temporarily) disable support for Closed User Groups.

List of Principals for which any CUG restrictions do not apply.

STRING

administrators

Enable CUG Roots

cug.enabled

Day CQ Closed User Group (CUG) Support com.day.cq.auth.impl.cug.CugSupportImpl :- Configures the support for Closed User Groups. Please note, that Closed User Group configuration must be available for Closed User Group support to be available at all. In addition, existing Closed User Group configuration may still disable Closed User Groups by setting the "Enable CUG Roots" property to false. This may for example be used to preserve the list of exempted principals while still (temporarily) disable support for Closed User Groups.

Whether or not CUG roots are enabled on a global level or not. If this flag is not set (the default), CUG roots are not enabled.

BOOLEAN

false

Regular expression

cug.principals.regex

Day CQ Closed User Group (CUG) Support com.day.cq.auth.impl.cug.CugSupportImpl :- Configures the support for Closed User Groups. Please note, that Closed User Group configuration must be available for Closed User Group support to be available at all. In addition, existing Closed User Group configuration may still disable Closed User Groups by setting the "Enable CUG Roots" property to false. This may for example be used to preserve the list of exempted principals while still (temporarily) disable support for Closed User Groups.

The regular expression to which the principle name is to be matched while creating ACEs.

STRING

Replacement

cug.principals.replacement

Day CQ Closed User Group (CUG) Support com.day.cq.auth.impl.cug.CugSupportImpl :- Configures the support for Closed User Groups. Please note, that Closed User Group configuration must be available for Closed User Group support to be available at all. In addition, existing Closed User Group configuration may still disable Closed User Groups by setting the "Enable CUG Roots" property to false. This may for example be used to preserve the list of exempted principals while still (temporarily) disable support for Closed User Groups.

A list of request extensions indicating requests for which the Login Selector Authentication Handler may request credentials. Any request whose extension is not one the listed extensions will not cause the credentials to be requested. If this list is empty the default list of html and htm is used. Note that the list entries must not have leading dots. Requests without extension or requests with trailing slashes (/) are always handled by the Login Selector Authentication Handler regardless of this configuration.

Adobe Granite Client Certificate Authentication Handler com.adobe.granite.auth.cert.impl.ClientCertAuthHandler :- Authentication Handler supporting single sign-on based on client certificate. This handler extracts client certificate from request and extracts subject's dn (distinguished name) from certificate. If mapping between dn and user ID is found, the request is authenticated with that user ID.

path.description

STRING

/

Service Ranking

service.ranking

Adobe Granite Client Certificate Authentication Handler com.adobe.granite.auth.cert.impl.ClientCertAuthHandler :- Authentication Handler supporting single sign-on based on client certificate. This handler extracts client certificate from request and extracts subject's dn (distinguished name) from certificate. If mapping between dn and user ID is found, the request is authenticated with that user ID.

OSGi Framework Service Ranking value to indicate the order in which to call this service. This is an int value where higher values designate higher precedence. Default value is 0.

INTEGER

0

Path

path

Adobe Granite OAuth Authentication Handler com.adobe.granite.auth.oauth.impl.OAuthAuthenticationHandler :- Authentication Handler for OAuth 1.0a and OAuth 2.0 (draft) providers. Currently only Twitter and Facebook are supported. In future versions of this Authentication Handler further providers will be supported. Note that this Authentication Handler is only enabled if configuration exists and the Path property is not set to an empty string.

Repository path for which this authentication handler should be used by Sling. If this is empty, the authentication handler will be disabled. By default this is set to "/".

Enable Relaxed SSL (allow self signed certificates) for communication with a test authorization server. This configuration MUST BE DISABLED in production.

BOOLEAN

false

Config ID

oauth.config.id

Adobe Granite OAuth Application and Provider com.adobe.granite.auth.oauth.provider :- Configures the OAuth Provider Application setup such that the Authentication Handler can authenticate users with the provider.

OAuth Configuration IDs must be unique. This ID will be used to determine which config will be used for a particular oauth request with the "configid" request parameter.

STRING

Client ID

oauth.client.id

Adobe Granite OAuth Application and Provider com.adobe.granite.auth.oauth.provider :- Configures the OAuth Provider Application setup such that the Authentication Handler can authenticate users with the provider.

Application Client ID provided by the OAuth Provider. For OAuth 1.0a this is called the Consumer Key. This is required for the Authentication Handler to authenticate with OAuth for a specific Provider.

STRING

Client Secret

oauth.client.secret

Adobe Granite OAuth Application and Provider com.adobe.granite.auth.oauth.provider :- Configures the OAuth Provider Application setup such that the Authentication Handler can authenticate users with the provider.

Application Client Secret provided by the OAuth Provider. For OAuth 1.0a this is called the Consumer Secret. This is required for the Authentication Handler to authenticate with OAuth for a specific Provider.

STRING

Scope

oauth.scope

Adobe Granite OAuth Application and Provider com.adobe.granite.auth.oauth.provider :- Configures the OAuth Provider Application setup such that the Authentication Handler can authenticate users with the provider.

Scope for the authorization request to hand over to the provider

STRING

Provider ID

oauth.config.provider.id

Adobe Granite OAuth Application and Provider com.adobe.granite.auth.oauth.provider :- Configures the OAuth Provider Application setup such that the Authentication Handler can authenticate users with the provider.

Assign the Provider ID used to match a ProviderConfig to a Provider

STRING

Create users

oauth.create.users

Adobe Granite OAuth Application and Provider com.adobe.granite.auth.oauth.provider :- Configures the OAuth Provider Application setup such that the Authentication Handler can authenticate users with the provider.

Whether to automatically create users if there is no matching CRX user for an OAuth authenticated users. By default this is not enabled. Handle with care.

BOOLEAN

false

Force Strict Username Matching

force.strict.username.matching

Adobe Granite OAuth Application and Provider com.adobe.granite.auth.oauth.provider :- Configures the OAuth Provider Application setup such that the Authentication Handler can authenticate users with the provider.

If enabled a strict username matching is applied, so two users are considered to be the same only and only if they have the same mapped OAuth username (and not only the same OAuthId property). By default this is not enabled. Handle with care.

BOOLEAN

false

Groups

oauth.create.users.groups

Adobe Granite OAuth Application and Provider com.adobe.granite.auth.oauth.provider :- Configures the OAuth Provider Application setup such that the Authentication Handler can authenticate users with the provider.

Groups to which created users are added. If this list is empty, new users are just member of the "Everyone" group.

STRING

Encode UserIds

oauth.encode.userids

Adobe Granite OAuth Application and Provider com.adobe.granite.auth.oauth.provider :- Configures the OAuth Provider Application setup such that the Authentication Handler can authenticate users with the provider.

Base.encode64 generated user ids for created users.

BOOLEAN

false

Hash UserIds

oauth.hash.userids

Adobe Granite OAuth Application and Provider com.adobe.granite.auth.oauth.provider :- Configures the OAuth Provider Application setup such that the Authentication Handler can authenticate users with the provider.

SHA-256 generated user ids for created users.

BOOLEAN

false

Callback URL

oauth.callBackUrl

Adobe Granite OAuth Application and Provider com.adobe.granite.auth.oauth.provider :- Configures the OAuth Provider Application setup such that the Authentication Handler can authenticate users with the provider.

URL configured with the OAuth providers to redirect the client back. Use a relative url to use the host of the original request. Leave empty to use the originally requested URL instead. Suffix "/callback/j_security_check" is automatically appended to this url. Note: the domain for the callback must be registered at the provider side (e.g. Facebook or Twitter).

STRING

Save access token

oauth.access.token.persist

Adobe Granite OAuth Application and Provider com.adobe.granite.auth.oauth.provider :- Configures the OAuth Provider Application setup such that the Authentication Handler can authenticate users with the provider.

Whether to save Oauth access token in users profile. If enabled, the token will be stored in encrypted form in the property specified by Provider.getAccessTokenPropertyPath().

BOOLEAN

false

Save access token in the Cookies

oauth.access.token.persist.cookie

Adobe Granite OAuth Application and Provider com.adobe.granite.auth.oauth.provider :- Configures the OAuth Provider Application setup such that the Authentication Handler can authenticate users with the provider.

Whether to save Oauth access token in the cookies. If enabled, the token will be stored in encrypted form in the cookies (with the cookie name being the client Id)

BOOLEAN

false

Enable Cross-Site Request Forgery state protection

oauth.csrf.state.protection

Adobe Granite OAuth Application and Provider com.adobe.granite.auth.oauth.provider :- Configures the OAuth Provider Application setup such that the Authentication Handler can authenticate users with the provider.

Enable the Cross-Site Request Forgery state protection as per http://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-10.12

BOOLEAN

true

Enable Persisting Request Params in Callback URL

oauth.redirect.request.params

Adobe Granite OAuth Application and Provider com.adobe.granite.auth.oauth.provider :- Configures the OAuth Provider Application setup such that the Authentication Handler can authenticate users with the provider.

Enabling Persisting of Original Request Parameters in the Callback URL formed during Authorization so that it can be used as a means to redirect the user to original resource on successful authentication

Whether or not this authentication handler expects encrypted SAML assertions. If this is enabled the SP's private key must be provided in the key-store of the 'authentication-service' system user (see SP Private Key Alias above).

URL of the IDP where the SAML Logout Request should be sent to. If this property is empty the authentication handler won't handle logouts.

STRING

Path

path

Adobe Granite SSO Authentication Handler com.adobe.granite.auth.sso.impl.SsoAuthenticationHandler :- Authentication Handler supporting single sign-on systems such as Siteminder or IIS NTLM. This handler just extracts the user ID from the HTTP Request and ignores any password information. The user ID can be extract from HTTP Request Headers, Cookies or Parameters.

Repository path for which this authentication handler should be used by Sling. If this is empty, the authentication handler will be disabled.

STRING

/

Service Ranking

service.ranking

Adobe Granite SSO Authentication Handler com.adobe.granite.auth.sso.impl.SsoAuthenticationHandler :- Authentication Handler supporting single sign-on systems such as Siteminder or IIS NTLM. This handler just extracts the user ID from the HTTP Request and ignores any password information. The user ID can be extract from HTTP Request Headers, Cookies or Parameters.

OSGi Framework Service Ranking value to indicate the order in which to call this service. This is an int value where higher values designate higher precedence. Default value is 0.

INTEGER

0

JAAS Control Flag

jaas.controlFlag

Adobe Granite SSO Authentication Handler com.adobe.granite.auth.sso.impl.SsoAuthenticationHandler :- Authentication Handler supporting single sign-on systems such as Siteminder or IIS NTLM. This handler just extracts the user ID from the HTTP Request and ignores any password information. The user ID can be extract from HTTP Request Headers, Cookies or Parameters.

Property name specifying whether or not a LoginModule is REQUIRED, REQUISITE, SUFFICIENT or OPTIONAL. Refer to the JAAS configuration documentation for more details around the meaning of these flags. Jackrabbit Oak only.

STRING

sufficient

JAAS Realm

jaas.realmName

Adobe Granite SSO Authentication Handler com.adobe.granite.auth.sso.impl.SsoAuthenticationHandler :- Authentication Handler supporting single sign-on systems such as Siteminder or IIS NTLM. This handler just extracts the user ID from the HTTP Request and ignores any password information. The user ID can be extract from HTTP Request Headers, Cookies or Parameters.

Property name specifying the realm name (or application name) against which the LoginModule is be registered. If no realm name is provided then LoginModule is registered with a default realm as configured in the Felix JAAS configuration. Jackrabbit Oak only.

STRING

jackrabbit.oak

JAAS Ranking

jaas.ranking

Adobe Granite SSO Authentication Handler com.adobe.granite.auth.sso.impl.SsoAuthenticationHandler :- Authentication Handler supporting single sign-on systems such as Siteminder or IIS NTLM. This handler just extracts the user ID from the HTTP Request and ignores any password information. The user ID can be extract from HTTP Request Headers, Cookies or Parameters.

Adobe Granite SSO Authentication Handler com.adobe.granite.auth.sso.impl.SsoAuthenticationHandler :- Authentication Handler supporting single sign-on systems such as Siteminder or IIS NTLM. This handler just extracts the user ID from the HTTP Request and ignores any password information. The user ID can be extract from HTTP Request Headers, Cookies or Parameters.

One or more HTTP Headers which might provide the user ID.

STRING

Cookie Names

cookies

Adobe Granite SSO Authentication Handler com.adobe.granite.auth.sso.impl.SsoAuthenticationHandler :- Authentication Handler supporting single sign-on systems such as Siteminder or IIS NTLM. This handler just extracts the user ID from the HTTP Request and ignores any password information. The user ID can be extract from HTTP Request Headers, Cookies or Parameters.

One or more names of Cookies which might provide the user ID.

STRING

cqpsso

Parameter Names

parameters

Adobe Granite SSO Authentication Handler com.adobe.granite.auth.sso.impl.SsoAuthenticationHandler :- Authentication Handler supporting single sign-on systems such as Siteminder or IIS NTLM. This handler just extracts the user ID from the HTTP Request and ignores any password information. The user ID can be extract from HTTP Request Headers, Cookies or Parameters.

One or more names of Request Parameters which might provide the user ID.

STRING

User Map

usermap

Adobe Granite SSO Authentication Handler com.adobe.granite.auth.sso.impl.SsoAuthenticationHandler :- Authentication Handler supporting single sign-on systems such as Siteminder or IIS NTLM. This handler just extracts the user ID from the HTTP Request and ignores any password information. The user ID can be extract from HTTP Request Headers, Cookies or Parameters.

For selected users, the user name extracted from the HTTP request can be replaced with a different one in the credentials object. The mapping is defined here. If the user name "admin" appears on either side of the map, the mapping will be ignored . The character "=" has to be escaped with a leading "\".

STRING

Format

format

Adobe Granite SSO Authentication Handler com.adobe.granite.auth.sso.impl.SsoAuthenticationHandler :- Authentication Handler supporting single sign-on systems such as Siteminder or IIS NTLM. This handler just extracts the user ID from the HTTP Request and ignores any password information. The user ID can be extract from HTTP Request Headers, Cookies or Parameters.

Indication of the format in which the user ID is provided. Use "Basic" if the user ID is encoded in the HTTP Basic Authentication format, "AsIs" if the user ID is provided in plain text or any regular expression applied value should be used as is or any regular expression.

STRING

Basic

Trusted Credential Attribute

trustedCredentialsAttribute

Adobe Granite SSO Authentication Handler com.adobe.granite.auth.sso.impl.SsoAuthenticationHandler :- Authentication Handler supporting single sign-on systems such as Siteminder or IIS NTLM. This handler just extracts the user ID from the HTTP Request and ignores any password information. The user ID can be extract from HTTP Request Headers, Cookies or Parameters.

The name of the attribute which is set with the user information in the trusted credentials. This needs to match the "trust_credentials_attribute" configuration of the default login module in Jackrabbit.However, this feature is deprecated and will no longer be supported in Jackrabbit Oak.

Adobe Granite WebDav Access Health Check com.adobe.granite.bundles.hc.impl.WebDavBundleHealthCheck :- This health check checks if the WebDav bundle and SimpleWebDavServlet are active in the right runmodes.

If this setting is enabled, browser and not browser agents will be checked by the filter. If this setting is disabled, only browsers will be checked, non-browser clients will not be checked by the filter. The Safe User Agents will never be checked regardless of this setting.

Adobe Granite Pseudo Translations com.adobe.granite.i18n.impl.bundle.PseudoTranslations :- Providing a pseudo locale "zz" with automated translations for testing. Wraps the string part with a prefix and suffix for the translation. Expects keys in the format: "string ((comment))".

List of patterns for different countries within the "zz" language. Entries must have the form "" (space delimited), where country is a country code such as "zz" and pattern is the translation pattern which can use {string} for the original string and {comment} for the translation comment (optional)

STRING

zz USR_{string}_尠pg PAGE_{string}_尠

Preference Name

security.preferences.name

Adobe Granite Preference Locale Resolver com.adobe.granite.i18n.impl.PreferencesLocaleResolverService :- This locale resolver reads the locale for a request from the current user's preference for the language.

Name of the preference the user's locale is stored. Be careful when changing this value as it affects the whole installation.

Name of the offloading transporter implementation. Transporter name must match the service property 'offloading.transporter.name' of the transporter service implementation of choice. The value ''offloading.transporter.default'' selects the default implementation (replication based transport).

The path pattern list for long-caching in the format "regexp;key".if key equals to 'auto' it is automatically generated when this service restarts.use 'none' to disable it. Note that libraries having a 'longCacheKey' property overwrite whatever pattern would match them.

List of DTM production IPs which are allowed to trigger the DTM download workflow trough the DTM deploy hook feature.

STRING

Enabled

enabled

Anonymous Usage Data Collection com.adobe.cq.experiencelog.impl.ExperienceLogConfigServlet :- Help Adobe improve Marketing Cloud by sending us anonymous usage data about how your company uses Experience Manager. This anonymous data does not contain any information that identifies your company or users within your company, and it does not contain any data about your company's site visitors.

Enables the service for this instance.

BOOLEAN

false

Disabled for groups

disabledForGroups

Anonymous Usage Data Collection com.adobe.cq.experiencelog.impl.ExperienceLogConfigServlet :- Help Adobe improve Marketing Cloud by sending us anonymous usage data about how your company uses Experience Manager. This anonymous data does not contain any information that identifies your company or users within your company, and it does not contain any data about your company's site visitors.

Live relations default rollout config used if no config is defined on blueprint and on live copy

STRING

/etc/msm/rolloutconfigs/default

Excluded Nodetypes

cq.wcm.msm.action.excludednodetypes

CQ MSM References Update Action com.day.cq.wcm.msm.impl.actions.ReferencesUpdateActionFactory :- This LiveAction rewrites Links within the source branch to point to the target branch.

The list of regex matching node types to be excluded

STRING

Excluded Paragraph Items

cq.wcm.msm.action.excludedparagraphitems

CQ MSM References Update Action com.day.cq.wcm.msm.impl.actions.ReferencesUpdateActionFactory :- This LiveAction rewrites Links within the source branch to point to the target branch.

The list of regex matching paragraph items to be excluded

STRING

Excluded Page Properties

cq.wcm.msm.action.excludedprops

CQ MSM References Update Action com.day.cq.wcm.msm.impl.actions.ReferencesUpdateActionFactory :- This LiveAction rewrites Links within the source branch to point to the target branch.

The list of regex matching page properties to be excluded

STRING

Update Reference across nested LiveCopies

cq.wcm.msm.impl.action.referencesupdate.prop_updateNested

CQ MSM References Update Action com.day.cq.wcm.msm.impl.actions.ReferencesUpdateActionFactory :- This LiveAction rewrites Links within the source branch to point to the target branch.

Default behavior only references to a target in the same LiveCopy are replaced. With this option you can turn on to replace references targeting any Resource that is within the branch of the top-most LiveCopy.

If checked, the urls referencing external links will be saved in the repository.

BOOLEAN

true

Disable Rewriting

linkcheckertransformer.disableRewriting

Day CQ Link Checker Transformer com.day.cq.rewriter.linkchecker.impl.LinkCheckerTransformerFactory :- This is the linkchecker transformer which handles each page request. By default it rewrites links and checks them.

Completly disable all rewriting of links.

BOOLEAN

false

Disable Checking

linkcheckertransformer.disableChecking

Day CQ Link Checker Transformer com.day.cq.rewriter.linkchecker.impl.LinkCheckerTransformerFactory :- This is the linkchecker transformer which handles each page request. By default it rewrites links and checks them.

Completly disable all link checking. All links are handled as valid.

BOOLEAN

false

Map Cache Size

linkcheckertransformer.mapCacheSize

Day CQ Link Checker Transformer com.day.cq.rewriter.linkchecker.impl.LinkCheckerTransformerFactory :- This is the linkchecker transformer which handles each page request. By default it rewrites links and checks them.

The cache for the map operations. A value of less than 50 disables the cache.

INTEGER

5000

Strict Extension Check

linkcheckertransformer.strictExtensionCheck

Day CQ Link Checker Transformer com.day.cq.rewriter.linkchecker.impl.LinkCheckerTransformerFactory :- This is the linkchecker transformer which handles each page request. By default it rewrites links and checks them.

If checked, a strict extension check is performed to detect HTML pages. By default the extension can occur at any location in the path and can be followed by a suffix. With strict checking, the extension has to be the last element in the path. Only for links to HTML pages the mapping configuration is used.

BOOLEAN

false

Strip HTML Extension

linkcheckertransformer.stripHtmltExtension

Day CQ Link Checker Transformer com.day.cq.rewriter.linkchecker.impl.LinkCheckerTransformerFactory :- This is the linkchecker transformer which handles each page request. By default it rewrites links and checks them.

If checked, all links with a .html or .htm extension are rewritten and their extension is removed.

BOOLEAN

false

Rewrite Elements

linkcheckertransformer.rewriteElements

Day CQ Link Checker Transformer com.day.cq.rewriter.linkchecker.impl.LinkCheckerTransformerFactory :- This is the linkchecker transformer which handles each page request. By default it rewrites links and checks them.

List of html elements and their attributes which are rewritten. Pleasse add each entry in the form {elementName}:{attributeName}.

The names of the example content packages. Syntax supports optional parametersseparated by semi column: scope (name or group) and instructions, e.g.cq-geometrixx:name:You can uninstall all the Geometrixx content packages by uninstalling the cq-geometrixx-all-pkg via the Package Manager

STRING

cq-geometrixx:name:You can uninstall all the Geometrixx content packages by uninstalling the cq-geometrixx-all-pkg via the Package Manager

The maximum number of versions to keep. If this value is less than 1, purging is not performed based on the number of versions.

INTEGER

5

Default Device Identification Mode

dim.default.mode

Day CQ Device Identification Mode com.day.cq.wcm.core.impl.devicedetection.DeviceIdentificationModeImpl :- The DeviceIdentificationMode provides the default configuration for the client identification mechanism used by CQ.

The default value is used in case no cq:deviceIdentificationMode property is found on a page node or on its parent nodes

STRING

server-side

client-side -- Client-sideserver-side -- Server-sidenone -- None

Application Cache

dim.appcache.enabled

Day CQ Device Identification Mode com.day.cq.wcm.core.impl.devicedetection.DeviceIdentificationModeImpl :- The DeviceIdentificationMode provides the default configuration for the client identification mechanism used by CQ.

The application cache, if enabled, will allow sending meaningful events when an application's DeviceIdentificationMode changes. For more details about these events check the DeviceIdentificationMode#TOPIC* properties.

WCM Authoring UI Mode Service com.day.cq.wcm.core.impl.AuthoringUIModeServiceImpl :- WCM Authoring UI Mode service provides helpers to get and edit authoring mode, as well as to get the corresponding editor URL, and a request filter to add it as a request attribute

Name of the default authoring UI mode

STRING

TOUCH

Classic UI editor URL

authoringUIModeService.editorUrl.classic

WCM Authoring UI Mode Service com.day.cq.wcm.core.impl.AuthoringUIModeServiceImpl :- WCM Authoring UI Mode service provides helpers to get and edit authoring mode, as well as to get the corresponding editor URL, and a request filter to add it as a request attribute

URL of the editor used when authoring UI mode is Classic

STRING

/cf#

Touch-Optimized UI editor URL

authoringUIModeService.editorUrl.touch

WCM Authoring UI Mode Service com.day.cq.wcm.core.impl.AuthoringUIModeServiceImpl :- WCM Authoring UI Mode service provides helpers to get and edit authoring mode, as well as to get the corresponding editor URL, and a request filter to add it as a request attribute

The pattern for which this tag handler factory instance rolls out a new instance.

STRING

<iframe\s+.*?>

Search pattern

search.pattern

Design Package Entry Preprocessor com.day.cq.wcm.designimporter.impl.EntryPreprocessorImpl :- The preprocessor that intercepts and processes every design package entry before it is extracted to the repository.

The pattern to search for, in the design package entry contents. This regular expression is matched with the entry content line by line. Upon match, the matching text is replaced with the replacement pattern specified.

STRING

/\* *CQ_DESIGN_PATH *\*/ *(['"])

Replace pattern

replace.pattern

Design Package Entry Preprocessor com.day.cq.wcm.designimporter.impl.EntryPreprocessorImpl :- The preprocessor that intercepts and processes every design package entry before it is extracted to the repository.

The pattern that replaces the matches found. You may use regex group references like $1, $2. Additionally, this pattern supports keywords like {designPath} which get resolved with the actual value during import.

List of regular expressions (regex) indicating which URLs are allowed for the creation of QR Codes images. The Author and Publish servers, based on the Externalizer service, are automatically whitelisted.

This can be used to excluded some packages from being added to the results lists. As those packages won't be part of the output, the user won't be able to add the page he is visiting to one of those excluded workflow packages. Use + to include, - to exclude, and provide a Vault filter syntax Example: -/etc/workflow/packages/alison(/.*)? ; +/etc/workflow/packages/alison/but-i-want-this-one ; -/etc/workflow/packages/joe(/.*)?

Property name specifying whether or not a LoginModule is REQUIRED, REQUISITE, SUFFICIENT or OPTIONAL. Refer to the JAAS configuration documentation for more details around the meaning of these flags. Jackrabbit Oak only.

Property name specifying the realm name (or application name) against which the LoginModule is be registered. If no realm name is provided then LoginModule is registered with a default realm as configured in the Felix JAAS configuration. Jackrabbit Oak only.

The list of Resource Tree locations providing fonts. Multiple entries may be listed. Each entry must be an absolute path; that is empty entries or entries not starting with a slash (/) character are ignored. The location of each entry must be existing. This may cause the creation of JCR Nodes at configured entry paths.

Apache Sling Background Requests Filter org.apache.sling.bgservlets.impl.BackgroundServletStarterFilter :- ServletFilter that runs requests in the background if a specific request parameter is set to true.

Requests run in the background if this request parameter is set to true.

STRING

sling:bg

HTTP methods that can start background jobs

allowed.http.methods

Apache Sling Background Requests Filter org.apache.sling.bgservlets.impl.BackgroundServletStarterFilter :- ServletFilter that runs requests in the background if a specific request parameter is set to true.

List of allowed HTTP methods for starting background jobs. Including GET and HEAD is not recommended, background jobs are not meant to be used for this "safe" category of HTTP methods.

Configures additional MIME type mappings in the traditional mime.types file format: Each property is a blank space separated list of strings where the first string is the MIME type and the rest of the strings are filename extensions referring to the MIME type. Using this property additional MIME type mappings may be defined. Existing MIME type mappings cannot be redefined and setting such mappings in this property has no effect. For a list of existing mappings refer to the MIME Types page.

Whether or not to use the compact format. In compact one log entry is logged per request, detailing the request progress tracker information in individual lines, like stack-traces. This keeps log files smaller and makes them more readable. In the older (non-compact) format, one log entry is printed per line, thus potentially containing more noise. Default is false.

BOOLEAN

false

Request Log Name

request.log.output

Apache Sling Request Logger org.apache.sling.engine.impl.log.RequestLogger :- Configures the main loggers of the request logger, namely the request log and the access log. Further loggers may be configured by creating configurations for the Request Logger Service.

Name of the destination for the request log. The request log logs the entry and exit of each request into and out of the system together with the entry time, exit time, time to process the request, a request counter as well as the final status code and response content type. In terms of Request Logger Service formats, request entry is logged with the format "%t [%R] -> %m %U%q %H" and request exit is logged with the format "%{end}t [%R]

STRING

logs/request.log

Request Log Type

request.log.outputtype

Apache Sling Request Logger org.apache.sling.engine.impl.log.RequestLogger :- Configures the main loggers of the request logger, namely the request log and the access log. Further loggers may be configured by creating configurations for the Request Logger Service.

Type of request log destination. Select "Logger Name" to write the access log to an SLF4J logger, "File Name" to write the access log to a file (relative paths resolved against sling.home) or "RequestLog Service" to use a named OSGi service registered with the service interface "org.apache.sling.engine.RequestLog" and a service property "requestlog.name" equal to the Logger Name setting.

INTEGER

0

0 -- Logger Name1 -- File Name2 -- RequestLog Service

Enable Request Log

request.log.enabled

Apache Sling Request Logger org.apache.sling.engine.impl.log.RequestLogger :- Configures the main loggers of the request logger, namely the request log and the access log. Further loggers may be configured by creating configurations for the Request Logger Service.

Whether to enable Request logging or not.

BOOLEAN

true

Access Log Name

access.log.output

Apache Sling Request Logger org.apache.sling.engine.impl.log.RequestLogger :- Configures the main loggers of the request logger, namely the request log and the access log. Further loggers may be configured by creating configurations for the Request Logger Service.

Name of the destination for the request log. The access log writes an entry for each request as the request terminates using the NCSA extended/combined log format. In terms of Request Logger Service formats the access log is written with the format "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"".

STRING

logs/access.log

Access Log Type

access.log.outputtype

Apache Sling Request Logger org.apache.sling.engine.impl.log.RequestLogger :- Configures the main loggers of the request logger, namely the request log and the access log. Further loggers may be configured by creating configurations for the Request Logger Service.

Type of access log destination. Select "Logger Name" to write the access log to an SLF4J logger, "File Name" to write the access log to a file (relative paths resolved against sling.home) or "RequestLog Service" to use a named OSGi service registered with the service interface "org.apache.sling.engine.RequestLog" and a service property "requestlog.name" equal to the Logger Name setting.

INTEGER

0

0 -- Logger Name1 -- File Name2 -- RequestLog Service

Enable Access Log

access.log.enabled

Apache Sling Request Logger org.apache.sling.engine.impl.log.RequestLogger :- Configures the main loggers of the request logger, namely the request log and the access log. Further loggers may be configured by creating configurations for the Request Logger Service.

The default request parameter encoding used to decode request parameters into strings. If this property is not set the default encoding is 'ISO-8859-1' as mandated by the Servlet API spec. This default encoding is used if the '_charset_' request parameter is not set to another (supported) character encoding. Applications being sure to always use the same encoding (e.g. UTF-8) can set this default here and may omit the '_charset_' request parameter

The maximum number of parameters supported. To prevent a DOS-style attack with an overrunning number of parameters the number of parameters supported can be limited. This includes all of the query string as well as application/x-www-form-urlencoded and multipart/form-data parameters. The default value is 10000.

Enable this if you want to include request parameters added through the container, e.g through a valve.

BOOLEAN

false

Number of Calls per Request

sling.max.calls

Apache Sling Main Servlet org.apache.sling.engine.impl.SlingMainServlet :- Main processor of the Sling framework controlling all aspects of processing requests inside of Sling, namely authentication, resource resolution, servlet/script resolution and execution of servlets and scripts.

Defines the maximum number of Servlet and Script calls while processing a single client request. This number should be high enough to not limit request processing artificially. On the other hand it should not be too high to allow the mechanism to limit the resources required to process a request in case of errors. The default value is 1000.

INTEGER

1000

Recursion Depth

sling.max.inclusions

Apache Sling Main Servlet org.apache.sling.engine.impl.SlingMainServlet :- Main processor of the Sling framework controlling all aspects of processing requests inside of Sling, namely authentication, resource resolution, servlet/script resolution and execution of servlets and scripts.

The maximum number of recursive Servlet and Script calls while processing a single client request. This number should not be too high, otherwise StackOverflowErrors may occurr in case of erroneous scripts and servlets. The default value is 50.

INTEGER

50

Allow the HTTP TRACE method

sling.trace.allow

Apache Sling Main Servlet org.apache.sling.engine.impl.SlingMainServlet :- Main processor of the Sling framework controlling all aspects of processing requests inside of Sling, namely authentication, resource resolution, servlet/script resolution and execution of servlets and scripts.

If set to true, the HTTP TRACE method will be enabled. By default the HTTP TRACE methods is disabled as it can be used in Cross Site Scripting attacks on HTTP servers.

BOOLEAN

false

Filter Compat Mode

sling.filter.compat.mode

Apache Sling Main Servlet org.apache.sling.engine.impl.SlingMainServlet :- Main processor of the Sling framework controlling all aspects of processing requests inside of Sling, namely authentication, resource resolution, servlet/script resolution and execution of servlets and scripts.

This switch controls the handling of servlet filters. By default only filters with a scope property are registered. In compat mode, the scope property is not required.

BOOLEAN

false

Number of Requests to Record

sling.max.record.requests

Apache Sling Main Servlet org.apache.sling.engine.impl.SlingMainServlet :- Main processor of the Sling framework controlling all aspects of processing requests inside of Sling, namely authentication, resource resolution, servlet/script resolution and execution of servlets and scripts.

Defines the number of requests that internally recorded for display on the "Recent Requests" Web Console page. If this value is less than or equal to zero, no requests are internally kept. The default value is 20.

INTEGER

20

Recorded Request Path Patterns

sling.store.pattern.requests

Apache Sling Main Servlet org.apache.sling.engine.impl.SlingMainServlet :- Main processor of the Sling framework controlling all aspects of processing requests inside of Sling, namely authentication, resource resolution, servlet/script resolution and execution of servlets and scripts.

One or more regular expressions which limit the requests which are stored by the "Recent Requests" Web Console page.

STRING

Server Info

sling.serverinfo

Apache Sling Main Servlet org.apache.sling.engine.impl.SlingMainServlet :- Main processor of the Sling framework controlling all aspects of processing requests inside of Sling, namely authentication, resource resolution, servlet/script resolution and execution of servlets and scripts.

The server info returned by Sling. If this field is left empty, Sling generates a default into.

STRING

Additional response headers

sling.additional.response.headers

Apache Sling Main Servlet org.apache.sling.engine.impl.SlingMainServlet :- Main processor of the Sling framework controlling all aspects of processing requests inside of Sling, namely authentication, resource resolution, servlet/script resolution and execution of servlets and scripts.

Provides mappings for additional response headers Each entry is of the form 'bundleId [ ":" responseHeaderName ] "=" responseHeaderValue'

Name of the destination for the log output. Depending on the output type this is a file name (absolute or relative), a SLF4J logger name or the name under which a RequestLog service has been registered.

Type of log destination. Select "Logger Name" to write the access log to an SLF4J logger, "File Name" to write the access log to a file (relative paths resolved against sling.home) or "RequestLog Service" to use a named OSGi service registered with the service interface "org.apache.sling.engine.RequestLog" and a service property "requestlog.name" equal to the Logger Name setting.

Check if the logger is called on request entry. Otherwise leave unchecked and the logger will be called on request exit (aka termination), which is the default for access logger type loggers.

BOOLEAN

false

Distribute config

org.apache.sling.installer.configuration.persist

Apache Sling Job Consumer Manager org.apache.sling.event.impl.jobs.JobConsumerManager :- The consumer manager controls the job consumer (= processors). It can be used to temporarily disable job processing on the current instance. Other instances in a cluster are not affected.

If this is disabled, the configuration is not persisted on save in the cluster and is only used on the current instance. This option should always be disabled!

BOOLEAN

false

Topic Whitelist

job.consumermanager.whitelist

Apache Sling Job Consumer Manager org.apache.sling.event.impl.jobs.JobConsumerManager :- The consumer manager controls the job consumer (= processors). It can be used to temporarily disable job processing on the current instance. Other instances in a cluster are not affected.

This is a list of topics which currently should be processed by this instance. Leaving it empty, all job consumers are disabled. Putting a '*' as one entry, enables all job consumers. Adding separate topics enables job consumers for exactly this topic.

STRING

*

Topic Blacklist

job.consumermanager.blacklist

Apache Sling Job Consumer Manager org.apache.sling.event.impl.jobs.JobConsumerManager :- The consumer manager controls the job consumer (= processors). It can be used to temporarily disable job processing on the current instance. Other instances in a cluster are not affected.

This is a list of topics which currently shouldn't be processed by this instance. Leaving it empty, all job consumers are enabled. Putting a '*' as one entry, disables all job consumers. Adding separate topics disables job consumers for exactly this topic.

STRING

Disable Distribution

job.consumermanager.disableDistribution

Apache Sling Job Manager org.apache.sling.event.impl.jobs.jcr.PersistenceHandler :- This is the central service of the job handling.

If the distribution is disabled, all jobs will be processed on the leader only! Please use this switch with care.

BOOLEAN

false

Deprecation Warnings

job.log.deprecation

Apache Sling Job Manager org.apache.sling.event.impl.jobs.jcr.PersistenceHandler :- This is the central service of the job handling.

If this switch is enabled, deprecation warnings will be logged with the INFO level.

The maximum number of times a failed job slated for retries is actually retried. If a job has been retried this number of times and still fails, it is not rescheduled and assumed to have failed. The default value is 10.

The number of milliseconds to sleep between two consecutive retries of a job which failed and was set to be retried. The default value is 2 seconds. This value is only relevant if there is a single failed job in the queue. If there are multiple failed jobs, each job is retried in turn without an intervening delay.

The maximum number of parallel jobs started for this queue. A value of -1 is substituted with the number of available processors.

INTEGER

15

Pool Size

minPoolSize

Apache Sling Job Thread Pool org.apache.sling.event.impl.EventingThreadPool :- This is the thread pool used by the Apache Sling job handling. The threads from this pool are merely used for executing jobs. By limiting this pool, it is possible to limit the maximum number of parallel processed jobs - regardless of the queue configuration.

The size of the thread pool. This pool is used to execute jobs and therefore limits the maximum number of jobs executed in parallel.

This value is required and lists the topics processed by this queue. The value is a list of strings. If a string ends with a dot, all topics in exactly this package match. If the string ends with a star, all topics in this package and all subpackages match. If the string neither ends with a dot nor with a star, this is assumed to define an exact topic.

The maximum number of times a failed job slated for retries is actually retried. If a job has been retried this number of times and still fails, it is not rescheduled and assumed to have failed. The default value is 10.

The number of milliseconds to sleep between two consecutive retries of a job which failed and was set to be retried. The default value is 2 seconds. This value is only relevant if there is a single failed job in the queue. If there are multiple failed jobs, each job is retried in turn without an intervening delay.

Optional configuration value for a thread pool to be used by this queue. If this is value has a positive number of threads configuration, this queue uses an own thread pool with the configured number of threads.

Apache Sling JCR ResourceBundle Provider org.apache.sling.i18n.impl.JcrResourceBundleProvider :- ResourceBundleProvider service which loads the messages from the repository. If the user name field is left empty, the provider will log into the repository as the administrative user. Otherwise the given user name and password are used to access the repository. Failing to access the repository, effectively disables the provider.

The name of the user to log in to the repository to get the resources. If this field is empty, the provider accesses the repository as the administrative user.

STRING

Password

password

Apache Sling JCR ResourceBundle Provider org.apache.sling.i18n.impl.JcrResourceBundleProvider :- ResourceBundleProvider service which loads the messages from the repository. If the user name field is left empty, the provider will log into the repository as the administrative user. Otherwise the given user name and password are used to access the repository. Failing to access the repository, effectively disables the provider.

The password used to log in to the repository to get the resources. This field is only used if the user name field is not empty.

STRING

Default Locale

locale.default

Apache Sling JCR ResourceBundle Provider org.apache.sling.i18n.impl.JcrResourceBundleProvider :- ResourceBundleProvider service which loads the messages from the repository. If the user name field is left empty, the provider will log into the repository as the administrative user. Otherwise the given user name and password are used to access the repository. Failing to access the repository, effectively disables the provider.

The default locale to assume if none can be resolved otherwise. This value must be in the form acceptable to the java.util.Locale class.

STRING

en

Preload Bundles

preload.bundles

Apache Sling JCR ResourceBundle Provider org.apache.sling.i18n.impl.JcrResourceBundleProvider :- ResourceBundleProvider service which loads the messages from the repository. If the user name field is left empty, the provider will log into the repository as the administrative user. Otherwise the given user name and password are used to access the repository. Failing to access the repository, effectively disables the provider.

Whether or not to eagerly load the resource bundles on bundle start or a cache invalidation.

BOOLEAN

false

Invalidation Delay

invalidation.delay

Apache Sling JCR ResourceBundle Provider org.apache.sling.i18n.impl.JcrResourceBundleProvider :- ResourceBundleProvider service which loads the messages from the repository. If the user name field is left empty, the provider will log into the repository as the administrative user. Otherwise the given user name and password are used to access the repository. Failing to access the repository, effectively disables the provider.

In case of dictionary change events the cached resource bundle becomes invalid after the given delay (in ms).

LONG

5000

Root Path

alias

Apache Sling DavEx Servlet org.apache.sling.jcr.davex.impl.servlets.SlingDavExServlet :- The DavEx Servlet allows direct access to the complete Repository. It is directly accessible in its own URL space and requests to this servlet do not pass by the Sling Main Servlet and request processing.

The root path at which the DavEx Servlet is accessible. The default value is "/server".

STRING

/server

Use absolute URIs

dav.create-absolute-uri

Apache Sling DavEx Servlet org.apache.sling.jcr.davex.impl.servlets.SlingDavExServlet :- The DavEx Servlet allows direct access to the complete Repository. It is directly accessible in its own URL space and requests to this servlet do not pass by the Sling Main Servlet and request processing.

Apache Sling DavEx Servlet org.apache.sling.jcr.davex.impl.servlets.SlingDavExServlet :- The DavEx Servlet allows direct access to the complete Repository. It is directly accessible in its own URL space and requests to this servlet do not pass by the Sling Main Servlet and request processing.

dav.protectedhandlers.description

STRING

org.apache.jackrabbit.server.remoting.davex.AclRemoveHandler

Path

path

Apache Sling JCR Resource Access Gate org.apache.sling.jcr.resourcesecurity.impl.ResourceAccessGateFactory :- This access gate can be used to handle the access to resources not backed by a JCR repository by providing ACLs in the reposiory

The path is a regular expression for which resources the service should be called

STRING

Deep Check Prefix

checkpath.prefix

Apache Sling JCR Resource Access Gate org.apache.sling.jcr.resourcesecurity.impl.ResourceAccessGateFactory :- This access gate can be used to handle the access to resources not backed by a JCR repository by providing ACLs in the reposiory

If this value is configured with a prefix and the resource path starts with this prefix, the prefix is removed from the path and the remaining part is appended to the JCR path to check. For example if /foo/a/b/c is required, this prefix is configured with /foo and the JCR node to check is /check, the permissions at /check/a/b/c are checked.

STRING

JCR Node

jcrPath

Apache Sling JCR Resource Access Gate org.apache.sling.jcr.resourcesecurity.impl.ResourceAccessGateFactory :- This access gate can be used to handle the access to resources not backed by a JCR repository by providing ACLs in the reposiory

This node is checked for permissions to the resources.

STRING

service.ranking.name

service.ranking

Apache Sling Directory Listing Exporter Service org.apache.sling.jcr.webdav.impl.handler.DirListingExportHandlerService :- The Sling Directory Listing Exporter Service wraps a org.apache.jackrabbit.server.io.DirListingExportHandler instance in order to run it as a service.

service.ranking.description

INTEGER

100

Root Path

dav.root

Apache Sling Simple WebDAV Servlet org.apache.sling.jcr.webdav.impl.servlets.SimpleWebDavServlet :- The Simple WebDAV Servlet allows direct access to the complete Repository. It is directly accessible in its own URL space and requests to this servlet do not pass by the Sling Main Servlet and request processing.

The root path at which the Simple WebDAV Servlet is accessible. The default value is "/dav". Access to the repository is provided in two ways. You may connect your WebDAV client directly to the root of the Sling web application to access the workspace of Sling directly. The other way is required if you want to connect your WebDAV client to any other workspace besides the Sling workspace. In this case you connect your WebDAV client to another a path comprised of this root path plus the name of the workspace. For example to connect to the some_other workspace, you might connect to http://slinghost/dav/some_other.

STRING

/dav

Use absolute URIs

dav.create-absolute-uri

Apache Sling Simple WebDAV Servlet org.apache.sling.jcr.webdav.impl.servlets.SimpleWebDavServlet :- The Simple WebDAV Servlet allows direct access to the complete Repository. It is directly accessible in its own URL space and requests to this servlet do not pass by the Sling Main Servlet and request processing.

Apache Sling Simple WebDAV Servlet org.apache.sling.jcr.webdav.impl.servlets.SimpleWebDavServlet :- The Simple WebDAV Servlet allows direct access to the complete Repository. It is directly accessible in its own URL space and requests to this servlet do not pass by the Sling Main Servlet and request processing.

The name of the HTTP Basic Authentication Realm presented to the client to ask for authentication credentials to access the repository.

STRING

Sling WebDAV

Non Collection Node Types

collection.types

Apache Sling Simple WebDAV Servlet org.apache.sling.jcr.webdav.impl.servlets.SimpleWebDavServlet :- The Simple WebDAV Servlet allows direct access to the complete Repository. It is directly accessible in its own URL space and requests to this servlet do not pass by the Sling Main Servlet and request processing.

The JCR Node Types considered being non-collection resources by WebDAV. Any node replying true to Node.isNodeType() for one of the listed types is considered a non-collection resource. Otherwise the respective node is considered a collection resource.

STRING

nt:filent:resource

Filter Prefixes

filter.prefixes

Apache Sling Simple WebDAV Servlet org.apache.sling.jcr.webdav.impl.servlets.SimpleWebDavServlet :- The Simple WebDAV Servlet allows direct access to the complete Repository. It is directly accessible in its own URL space and requests to this servlet do not pass by the Sling Main Servlet and request processing.

A list of namespace prefixes indicating JCR items filtered from being reported as collection members or properties. The default list includes jcr and rep (Jackrabbit internal namespace prefix) items. Do not modify this setting unless you know exactly what you are doing.

STRING

repjcr

Filter Node Types

filter.types

Apache Sling Simple WebDAV Servlet org.apache.sling.jcr.webdav.impl.servlets.SimpleWebDavServlet :- The Simple WebDAV Servlet allows direct access to the complete Repository. It is directly accessible in its own URL space and requests to this servlet do not pass by the Sling Main Servlet and request processing.

Nodetype names to be used to filter child nodes. A child node can be filtered if the declaring nodetype of its definition is one of the nodetype names specified in the nodetypes Element. E.g. defining rep:root as filtered nodetype whould result in jcr:system being hidden but no other child node of the root node, since those are defined by the nodetype nt:unstructered. The default is empty. Do not modify this setting unless you know exactly what you are doing.

STRING

Filter URIs

filter.uris

Apache Sling Simple WebDAV Servlet org.apache.sling.jcr.webdav.impl.servlets.SimpleWebDavServlet :- The Simple WebDAV Servlet allows direct access to the complete Repository. It is directly accessible in its own URL space and requests to this servlet do not pass by the Sling Main Servlet and request processing.

A list of namespace URIs indicating JCR items filtered from being reported as collection members or properties. The default list is empty. Do not modify this setting unless you know exactly what you are doing.

STRING

Collection Primary Type

type.collections

Apache Sling Simple WebDAV Servlet org.apache.sling.jcr.webdav.impl.servlets.SimpleWebDavServlet :- The Simple WebDAV Servlet allows direct access to the complete Repository. It is directly accessible in its own URL space and requests to this servlet do not pass by the Sling Main Servlet and request processing.

The JCR Primary Node Type to assign to nodes created to reflect WebDAV collections. The default value is sling:Folder. You may name any primary node type here, provided it allows the creation of nodes of this type and the defined Non-Collection Primary Type below it.

STRING

sling:Folder

Non-Collection Primary Type

type.noncollections

Apache Sling Simple WebDAV Servlet org.apache.sling.jcr.webdav.impl.servlets.SimpleWebDavServlet :- The Simple WebDAV Servlet allows direct access to the complete Repository. It is directly accessible in its own URL space and requests to this servlet do not pass by the Sling Main Servlet and request processing.

The JCR Primary Node Type to assign to nodes created to reflect WebDAV non-collection resources. The default value is nt:file. You may name any primary node type here, provided the node type is allowed to be created below nodes of the type defined for the Collection Primary Type and that a child node with the name "jcr:content" may be created below the non-collection resource whose type is defined by the Content Primary Type.

STRING

nt:file

Content Primary Type

type.content

Apache Sling Simple WebDAV Servlet org.apache.sling.jcr.webdav.impl.servlets.SimpleWebDavServlet :- The Simple WebDAV Servlet allows direct access to the complete Repository. It is directly accessible in its own URL space and requests to this servlet do not pass by the Sling Main Servlet and request processing.

The JCR Primary Node Type to assign to the jcr:content child node of a WebDAV non-collection resource. The default value is nt:resource. You may name any primary node type here, provided the node type is allowed to be created as the jcr:content child node of the node type defined by the Non-Collection Primary Type. In addition the node type must allow at least the following properties: jcr:data (binary), jcr:lastModified (date), and jcr:mimeType (string).

STRING

nt:resource

service.ranking.name

service.ranking

Apache Sling Default Handler Service org.apache.sling.jcr.webdav.impl.handler.DefaultHandlerService :- The Apache Sling Default Handler Service wraps a org.apache.jackrabbit.server.io.DefaultHandler instance in order to run it as a service.

service.ranking.description

INTEGER

1000

Collection Primary Type

type.collections

Apache Sling Default Handler Service org.apache.sling.jcr.webdav.impl.handler.DefaultHandlerService :- The Apache Sling Default Handler Service wraps a org.apache.jackrabbit.server.io.DefaultHandler instance in order to run it as a service.

The JCR Primary Node Type to assign to nodes created to reflect WebDAV collections. The default value is sling:Folder. You may name any primary node type here, provided it allows the creation of nodes of this type and the defined Non-Collection Primary Type below it.

STRING

sling:Folder

Non-Collection Primary Type

type.noncollections

Apache Sling Default Handler Service org.apache.sling.jcr.webdav.impl.handler.DefaultHandlerService :- The Apache Sling Default Handler Service wraps a org.apache.jackrabbit.server.io.DefaultHandler instance in order to run it as a service.

The JCR Primary Node Type to assign to nodes created to reflect WebDAV non-collection resources. The default value is nt:file. You may name any primary node type here, provided the node type is allowed to be created below nodes of the type defined for the Collection Primary Type and that a child node with the name "jcr:content" may be created below the non-collection resource whose type is defined by the Content Primary Type.

STRING

nt:file

Content Primary Type

type.content

Apache Sling Default Handler Service org.apache.sling.jcr.webdav.impl.handler.DefaultHandlerService :- The Apache Sling Default Handler Service wraps a org.apache.jackrabbit.server.io.DefaultHandler instance in order to run it as a service.

The JCR Primary Node Type to assign to the jcr:content child node of a WebDAV non-collection resource. The default value is nt:resource. You may name any primary node type here, provided the node type is allowed to be created as the jcr:content child node of the node type defined by the Non-Collection Primary Type. In addition the node type must allow at least the following properties: jcr:data (binary), jcr:lastModified (date), and jcr:mimeType (string).

The level of optimization for the bytecode generated by Rhino. Provide values between 0-9, 9 being the most aggressive level of optimization. A value of -1 will run scripts in interpreted mode.

INTEGER

9

Target Version

jasper.compilerTargetVM

Apache Sling JSP Script Handler org.apache.sling.scripting.jsp.JspScriptEngineFactory :- The JSP Script Handler supports development of JSP scripts to render response content on behalf of ScriptComponents. Internally Jasper 5.5.20 JSP Engine is used together with the Eclipse Java Compiler to compile generated Java code into Java class files. Some settings of Jasper may be configured as shown below. Note that JSP scripts are expected in the JCR repository and generated Java source and class files will be written to the JCR repository below the configured Compilation Location.

The taret JVM version for the compiled classes. If left empty, the default version, 1.6., is used. If the value "auto" is used, the current vm version will be used.

STRING

auto

Source Version

jasper.compilerSourceVM

Apache Sling JSP Script Handler org.apache.sling.scripting.jsp.JspScriptEngineFactory :- The JSP Script Handler supports development of JSP scripts to render response content on behalf of ScriptComponents. Internally Jasper 5.5.20 JSP Engine is used together with the Eclipse Java Compiler to compile generated Java code into Java class files. Some settings of Jasper may be configured as shown below. Note that JSP scripts are expected in the JCR repository and generated Java source and class files will be written to the JCR repository below the configured Compilation Location.

The JVM version for the java/JSP source. If left empty, the default version, 1.6., is used. If the value "auto" is used, the current vm version will be used.

STRING

auto

Generate Debug Info

jasper.classdebuginfo

Apache Sling JSP Script Handler org.apache.sling.scripting.jsp.JspScriptEngineFactory :- The JSP Script Handler supports development of JSP scripts to render response content on behalf of ScriptComponents. Internally Jasper 5.5.20 JSP Engine is used together with the Eclipse Java Compiler to compile generated Java code into Java class files. Some settings of Jasper may be configured as shown below. Note that JSP scripts are expected in the JCR repository and generated Java source and class files will be written to the JCR repository below the configured Compilation Location.

Should the class file be compiled with debugging information? true or false, default true.

BOOLEAN

true

Tag Pooling

jasper.enablePooling

Apache Sling JSP Script Handler org.apache.sling.scripting.jsp.JspScriptEngineFactory :- The JSP Script Handler supports development of JSP scripts to render response content on behalf of ScriptComponents. Internally Jasper 5.5.20 JSP Engine is used together with the Eclipse Java Compiler to compile generated Java code into Java class files. Some settings of Jasper may be configured as shown below. Note that JSP scripts are expected in the JCR repository and generated Java source and class files will be written to the JCR repository below the configured Compilation Location.

Apache Sling JSP Script Handler org.apache.sling.scripting.jsp.JspScriptEngineFactory :- The JSP Script Handler supports development of JSP scripts to render response content on behalf of ScriptComponents. Internally Jasper 5.5.20 JSP Engine is used together with the Eclipse Java Compiler to compile generated Java code into Java class files. Some settings of Jasper may be configured as shown below. Note that JSP scripts are expected in the JCR repository and generated Java source and class files will be written to the JCR repository below the configured Compilation Location.

The class-id value to be sent to Internet Explorer when using tags. Default clsid:8AD9C840-044E-11D1-B3E9-00805F499D93.

STRING

clsid:8AD9C840-044E-11D1-B3E9-00805F499D93

Char Array Strings

jasper.genStringAsCharArray

Apache Sling JSP Script Handler org.apache.sling.scripting.jsp.JspScriptEngineFactory :- The JSP Script Handler supports development of JSP scripts to render response content on behalf of ScriptComponents. Internally Jasper 5.5.20 JSP Engine is used together with the Eclipse Java Compiler to compile generated Java code into Java class files. Some settings of Jasper may be configured as shown below. Note that JSP scripts are expected in the JCR repository and generated Java source and class files will be written to the JCR repository below the configured Compilation Location.

Should text strings be generated as char arrays, to improve performance in some cases? Default false.

BOOLEAN

false

Keep Generated Java

jasper.keepgenerated

Apache Sling JSP Script Handler org.apache.sling.scripting.jsp.JspScriptEngineFactory :- The JSP Script Handler supports development of JSP scripts to render response content on behalf of ScriptComponents. Internally Jasper 5.5.20 JSP Engine is used together with the Eclipse Java Compiler to compile generated Java code into Java class files. Some settings of Jasper may be configured as shown below. Note that JSP scripts are expected in the JCR repository and generated Java source and class files will be written to the JCR repository below the configured Compilation Location.

Should we keep the generated Java source code for each page instead of deleting it? true or false, default true.

BOOLEAN

true

Mapped Content

jasper.mappedfile

Apache Sling JSP Script Handler org.apache.sling.scripting.jsp.JspScriptEngineFactory :- The JSP Script Handler supports development of JSP scripts to render response content on behalf of ScriptComponents. Internally Jasper 5.5.20 JSP Engine is used together with the Eclipse Java Compiler to compile generated Java code into Java class files. Some settings of Jasper may be configured as shown below. Note that JSP scripts are expected in the JCR repository and generated Java source and class files will be written to the JCR repository below the configured Compilation Location.

Should we generate static content with one print statement per input line, to ease debugging? true or false, default true.

BOOLEAN

true

Trim Spaces

jasper.trimSpaces

Apache Sling JSP Script Handler org.apache.sling.scripting.jsp.JspScriptEngineFactory :- The JSP Script Handler supports development of JSP scripts to render response content on behalf of ScriptComponents. Internally Jasper 5.5.20 JSP Engine is used together with the Eclipse Java Compiler to compile generated Java code into Java class files. Some settings of Jasper may be configured as shown below. Note that JSP scripts are expected in the JCR repository and generated Java source and class files will be written to the JCR repository below the configured Compilation Location.

Should white spaces in template text between actions or directives be trimmed ?, default false.

BOOLEAN

false

Display Source Fragments

jasper.displaySourceFragments

Apache Sling JSP Script Handler org.apache.sling.scripting.jsp.JspScriptEngineFactory :- The JSP Script Handler supports development of JSP scripts to render response content on behalf of ScriptComponents. Internally Jasper 5.5.20 JSP Engine is used together with the Eclipse Java Compiler to compile generated Java code into Java class files. Some settings of Jasper may be configured as shown below. Note that JSP scripts are expected in the JCR repository and generated Java source and class files will be written to the JCR repository below the configured Compilation Location.

Should we include a source fragment in exception messages, which could be displayed to the developer

BOOLEAN

false

Default Session Value

default.is.session

Apache Sling JSP Script Handler org.apache.sling.scripting.jsp.JspScriptEngineFactory :- The JSP Script Handler supports development of JSP scripts to render response content on behalf of ScriptComponents. Internally Jasper 5.5.20 JSP Engine is used together with the Eclipse Java Compiler to compile generated Java code into Java class files. Some settings of Jasper may be configured as shown below. Note that JSP scripts are expected in the JCR repository and generated Java source and class files will be written to the JCR repository below the configured Compilation Location.

Should a session be created by default for every JSP page? Warning - this behavior may produce unintended results and changing it will not impact previously-compiled pages.

The Service Ranking value acts as the priority with which this Use Provider is queried to return an Use-object. A higher value represents a higher priority.

INTEGER

95

Extension Aliases

aliases

Apache Sling GET Servlet org.apache.sling.servlets.get.DefaultGetServlet :- The Sling GET servlet is registered as the default servlet to handle GET requests.

The aliases can be used to map several extensions to a single servlet. For instance "xml:pdf,rtf" maps the extensions ".pdf" and ".rtf" to the servlet helper handling the ".xml" extension.

STRING

Auto Index

index

Apache Sling GET Servlet org.apache.sling.servlets.get.DefaultGetServlet :- The Sling GET servlet is registered as the default servlet to handle GET requests.

Controls whether a simple directory index is rendered for a directory request. A directory request is a request to a resource with a trailing slash (/) character, for example http://host/apps/. If none of the index resources exists, the default GET servlet may automatically render an index listing of the child resources if this option is checked, which is the default. If this option is not checked, the request to the resource is forbidden and results in a status 403/FORBIDDEN. This configuration corresponds to the "Index" option of the Options directive of Apache HTTP Server (httpd).

BOOLEAN

false

Index Resources

index.files

Apache Sling GET Servlet org.apache.sling.servlets.get.DefaultGetServlet :- The Sling GET servlet is registered as the default servlet to handle GET requests.

List of child resources to be considered for rendering the index of a "directory". The default value is [ "index", "index.html" ]. Each entry in the list is checked and the first entry found is included to render the index. If an entry is selected, which has not extension (for example the "index" resource), the extension ".html" is appended for the inclusion to indicate the desired text/html rendering. If the resource name has an extension (as in "index.html"), no additional extension is appended for the inclusion. This configuration corresponds to the directive of Apache HTTP Server (httpd).

STRING

indexindex.html

Enable HTML

enable.html

Apache Sling GET Servlet org.apache.sling.servlets.get.DefaultGetServlet :- The Sling GET servlet is registered as the default servlet to handle GET requests.

Whether the renderer for HTML of the default GET servlet is enabled or not. By default the HTML renderer is enabled.

BOOLEAN

true

Enable Plain Text

enable.txt

Apache Sling GET Servlet org.apache.sling.servlets.get.DefaultGetServlet :- The Sling GET servlet is registered as the default servlet to handle GET requests.

Whether the renderer for plain text of the default GET servlet is enabled or not. By default the plain text renderer is enabled.

BOOLEAN

true

Enable JSON

enable.json

Apache Sling GET Servlet org.apache.sling.servlets.get.DefaultGetServlet :- The Sling GET servlet is registered as the default servlet to handle GET requests.

Whether the renderer for JSON of the default GET servlet is enabled or not. By default the JSON renderer is enabled.

BOOLEAN

true

Enable XML

enable.xml

Apache Sling GET Servlet org.apache.sling.servlets.get.DefaultGetServlet :- The Sling GET servlet is registered as the default servlet to handle GET requests.

Whether the renderer for XML of the default GET servlet is enabled or not. By default the XML renderer is enabled.

BOOLEAN

true

JSON Max results

json.maximumresults

Apache Sling GET Servlet org.apache.sling.servlets.get.DefaultGetServlet :- The Sling GET servlet is registered as the default servlet to handle GET requests.

The maximum number of resources that should be returned when doing a node.5.json or node.infinity.json. In JSON terms this basically means the number of Objects to return. Default value is 200.

The list of properties whose values may be used to derive a name for newly created nodes. When handling a request to create a new node, the name of the node is automatically generated if the request URL ends with a star ("*") or a slash ("/"). In this case the request parameters listed in this configuration value may be used to create the name. Default value is [ "title", "jcr:title", "name", "description", "jcr:description", "abstract", "text", "jcr:text" ].

Maximum number of characters to use for automatically generated node names. The default value is 20. Note, that actual node names may be generated with at most 4 more characters if the numeric suffixes must be appended to make the name unique.

Configures a regular expression pattern to select request parameters which should be ignored when wrinting content to the repository. By default this is "j_.*" thus ignoring all request parameters starting with j_ such as j_username.

STRING

j_.*

Servlet Registration Root Path

servletresolver.servletRoot

Apache Sling Servlet/Script Resolver and Error Handler org.apache.sling.servlets.resolver.SlingServletResolver :- The Sling Servlet and Script Resolver has multiple tasks: One it is used as the ServletResolver to select the Servlet or Script to call to handle the request. Second it acts as the SlingScriptResolver and finally it manages error handling by implementing the ErrorHandler interface using the same algorithm to select error handling servlets and scripts as is used to resolve request processing servlets and scripts.

The default root path assumed when registering a Servlet whose Servlet registration properties define a relative path. It can either be a string starting with "/" (specifying a path prefix to be used) or a number which specifies the search path index. The default value is "0" (usually stands for "/apps" in the search paths).

STRING

0

Script User

servletresolver.scriptUser

Apache Sling Servlet/Script Resolver and Error Handler org.apache.sling.servlets.resolver.SlingServletResolver :- The Sling Servlet and Script Resolver has multiple tasks: One it is used as the ServletResolver to select the Servlet or Script to call to handle the request. Second it acts as the SlingScriptResolver and finally it manages error handling by implementing the ErrorHandler interface using the same algorithm to select error handling servlets and scripts as is used to resolve request processing servlets and scripts.

This optional property can specify the repository user who is used to read the scripts. If none is specified the admin user is used by default.

STRING

Cache Size

servletresolver.cacheSize

Apache Sling Servlet/Script Resolver and Error Handler org.apache.sling.servlets.resolver.SlingServletResolver :- The Sling Servlet and Script Resolver has multiple tasks: One it is used as the ServletResolver to select the Servlet or Script to call to handle the request. Second it acts as the SlingScriptResolver and finally it manages error handling by implementing the ErrorHandler interface using the same algorithm to select error handling servlets and scripts as is used to resolve request processing servlets and scripts.

This property configures the size of the cache used for script resolution. A value lower than 5 disables the cache.

INTEGER

200

Execution Paths

servletresolver.paths

Apache Sling Servlet/Script Resolver and Error Handler org.apache.sling.servlets.resolver.SlingServletResolver :- The Sling Servlet and Script Resolver has multiple tasks: One it is used as the ServletResolver to select the Servlet or Script to call to handle the request. Second it acts as the SlingScriptResolver and finally it manages error handling by implementing the ErrorHandler interface using the same algorithm to select error handling servlets and scripts as is used to resolve request processing servlets and scripts.

The paths to search for executable scripts. If no path is configured this is treated like the default (/ = root) which allows to execute all scripts. By configuring some paths the execution of scripts can be limited. If a configured value ends with a slash, the whole sub tree is allowed. Without a slash an exact matching script is allowed.

STRING

/

Default Extensions

servletresolver.defaultExtensions

Apache Sling Servlet/Script Resolver and Error Handler org.apache.sling.servlets.resolver.SlingServletResolver :- The Sling Servlet and Script Resolver has multiple tasks: One it is used as the ServletResolver to select the Servlet or Script to call to handle the request. Second it acts as the SlingScriptResolver and finally it manages error handling by implementing the ErrorHandler interface using the same algorithm to select error handling servlets and scripts as is used to resolve request processing servlets and scripts.

The list of extensions for which the default behavior will be used. This means that the last path segment of the resource type can be used as the script name.

Apache Sling Log Tracer org.apache.sling.tracer.internal.LogTracer :- Provides support for enabling log for specific loggers on per request basis. Refer to http://sling.apache.org/documentation/bundles/log-tracers.html for more details

Apache Sling Log Tracer org.apache.sling.tracer.internal.LogTracer :- Provides support for enabling log for specific loggers on per request basis. Refer to http://sling.apache.org/documentation/bundles/log-tracers.html for more details

List of domain mappings. In the form: "name [scheme://]domain.com[:port][/contextpath]". Standard required names are "publish" (public website DNS, such as "http://www.mysite.com"), "author" (author DNS, such as "https://author.mysite.com") and "local" (this instance directly). The scheme will be used as default scheme (if not specified by the code) and can globally define whether http or https is desired. The context path must match the installation of the sling launchpad webapp on that instance. Additional custom domains can be added, each with a unique name.

If active, Externalizer assumes that resource paths passed to its methods are URL-encoded. This might be necessary if your resource paths potentially contain "?" and/or "#" (which would be considered to start the query string/the fragment of the URL otherwise). Note that activating this setting may cause issues with other parts of the application that assume non-encoded paths if affected resource paths contain characters that need to be URL-encoded.

Restrict history logging to some paths. Leave empty to log all of them

STRING

Embed Resources

mailer.email.embed

Day CQ Mailing WebPage Email Template Factory com.day.cq.mailer.impl.email.CqRetrieverTemplateFactory :- Builds templates for personalized HTML-Emails to be sent out. The Template's Content will be retrieved from an WebPage given by an URL.

If set, the resources, like images, files are embedded in the mail. Defaults to false, which means they are linked from the host

BOOLEAN

false

Character Set

mailer.email.charset

Day CQ Mailing WebPage Email Template Factory com.day.cq.mailer.impl.email.CqRetrieverTemplateFactory :- Builds templates for personalized HTML-Emails to be sent out. The Template's Content will be retrieved from an WebPage given by an URL.

The Character set to be used for the mails content

STRING

UTF-8

HTTP User name

mailer.email.retrieverUserID

Day CQ Mailing WebPage Email Template Factory com.day.cq.mailer.impl.email.CqRetrieverTemplateFactory :- Builds templates for personalized HTML-Emails to be sent out. The Template's Content will be retrieved from an WebPage given by an URL.

In case the content has to be downloaded from a Webserver that requires authentication, the User-ID to connect with

STRING

HTTP User password

mailer.email.retrieverUserPWD

Day CQ Mailing WebPage Email Template Factory com.day.cq.mailer.impl.email.CqRetrieverTemplateFactory :- Builds templates for personalized HTML-Emails to be sent out. The Template's Content will be retrieved from an WebPage given by an URL.

In case the content has to be downloaded from a Webserver that requires authentication, the password to connect with.If no user name and no password is configured, anonymous access is attempted.

STRING

SMTP server host name

smtp.host

Day CQ Mail Service com.day.cq.mailer.DefaultMailService :- The mail service can be used to send emails.

The mailer uses this SMTP server to send messages

STRING

SMTP server port

smtp.port

Day CQ Mail Service com.day.cq.mailer.DefaultMailService :- The mail service can be used to send emails.

Port number to use to connect to the SMTP server

INTEGER

25

SMTP user

smtp.user

Day CQ Mail Service com.day.cq.mailer.DefaultMailService :- The mail service can be used to send emails.

The user for authentication through SMTP

STRING

SMTP password

smtp.password

Day CQ Mail Service com.day.cq.mailer.DefaultMailService :- The mail service can be used to send emails.

The password for authentication through SMTP. The password can either be provided plain text, or crypted via the Crypto Support feature (Main -> Crypto Support menu)

STRING

"From" address

from.address

Day CQ Mail Service com.day.cq.mailer.DefaultMailService :- The mail service can be used to send emails.

The email address to use in the "From:" field of messages sent by the mailer

STRING

SMTP use SSL

smtp.ssl

Day CQ Mail Service com.day.cq.mailer.DefaultMailService :- The mail service can be used to send emails.

If enabled, an SSL connection is set up.

BOOLEAN

false

Debug email

debug.email

Day CQ Mail Service com.day.cq.mailer.DefaultMailService :- The mail service can be used to send emails.

If enabled, interactions with the SMTP server are dumped to the operating system terminal that runs Sling

BOOLEAN

false

Character Set

mailer.email.charset

Day CQ Mailing Email Template Factory com.day.cq.mailer.impl.email.CqEmailTemplateFactory :- Builds templates for personalized Emails to be sent out. This mails may content simple plain text or be HTML-Mails.

The Character set to be used for the mails content

STRING

UTF-8

max.recipient.count.name

max.recipient.count

Day CQ Mailing Service com.day.cq.mailer.impl.CqMailingService :- The service sends out personalized mailings to MailingLists.

Sets the minimum interval in seconds allowed for each data source polling. Any data source poll configured with a smaller interval will only be polled at this interval. The default value for the default interval is 5 minutes (300 seconds). SETTING THIS PROPERTY TO A LOWER VALUE MAY BRING YOUR COMMUNIQUE 5 SYSTEM TO A VIRTUAL HALT. The lowest supported value is 1 second.

An optional user ID for taking snapshot. Basically, snapshots are taken for the user that has finsihed the report. There might be situations (for example on a publish system) where you might want specify a fallback user that is used instead. Note that specifying a user might impose a security risk.

Maximum number of reports to be cached. Choose a low number if your reports contains lots of data to avoid out of memory situations.

INTEGER

2

Allowed paths

include.paths

Day CQ Scheduled Exporter com.adobe.cq.scheduled.exporter.impl.ScheduledExporterImpl :- The Scheduled Exporter regularly looks up configured data sources for data to be exported from the Communique 5 repository.

Paths considered when registering cq:ExportConfig nodes.

STRING

/etc/cloudservices

Exporter user

exporter.user

Day CQ Scheduled Exporter com.adobe.cq.scheduled.exporter.impl.ScheduledExporterImpl :- The Scheduled Exporter regularly looks up configured data sources for data to be exported from the Communique 5 repository.

Repository user used for exporting (optional, default's to admin user)

Disable the evaluation of specified CQ application privilege(s) by adding their ID to the disabled list. By default this list contains 'wcm/core/privileges/modifyhierarchy' which is deprecated as of CQ5.4 and 'wcm/core/privileges/replicate as of CQ 5.5.

DAM WebDAV version linking job com.adobe.cq.dam.webdav.impl.io.DamWebdavVersionLinkingJob :- Links the previous version history for the assets edited through WebDAV

Enables version linking for the assets edited through WebDAV

BOOLEAN

false

Periodic Scheduler

cq.dam.webdav.version.linking.scheduler.period

DAM WebDAV version linking job com.adobe.cq.dam.webdav.impl.io.DamWebdavVersionLinkingJob :- Links the previous version history for the assets edited through WebDAV

Time in seconds for for running this job to do the version linking

LONG

5

Staging Timeout

cq.dam.webdav.version.linking.staging.timeout

DAM WebDAV version linking job com.adobe.cq.dam.webdav.impl.io.DamWebdavVersionLinkingJob :- Links the previous version history for the assets edited through WebDAV

The timeout(in seconds) for considering the tmp asset as the previous history of newly created asset through WebDAV edit operations

INTEGER

10

com.day.cq.dam.core.impl.io.SpecialFilesHandler.filepatters.name

com.day.cq.dam.core.impl.io.SpecialFilesHandler.filepatters

Day CQ DAM Special Files Handler com.adobe.cq.dam.webdav.impl.io.SpecialFilesHandler :- Prevents unwanted or premature conversion of "special" files into DAM assets. This is required for softwares editing assets over WebDAV. Special files are defined via file name regular expressions in the service configuration.

Location of the Adobe Server Fonts directory. Default location is /fonts. Fonts need to be copied manually to new directory when this property is changed. Make sure this directory exist else default path will be used.

Adobe CQ Foundation SaferSlingPostValidator com.day.cq.wcm.foundation.security.impl.SaferSlingPostValidatorImpl :- The SaferSlingPostValidator checks POST requests for safety and recommends to REJECT or ACCEPT based on safe/unsafe constructs in the request.

Properties with : in them are often security significant, by default they are not allowed through, with certain 'safe' values white listed. Properties starting with : in them are automatically white listed.

Adobe CQ Foundation SaferSlingPostValidator com.day.cq.wcm.foundation.security.impl.SaferSlingPostValidatorImpl :- The SaferSlingPostValidator checks POST requests for safety and recommends to REJECT or ACCEPT based on safe/unsafe constructs in the request.

This configuration allows white listing certain parameter name prefixes which are known to be safe.

STRING

Binary Parameter Whitelist

binary.parameter.whitelist

Adobe CQ Foundation SaferSlingPostValidator com.day.cq.wcm.foundation.security.impl.SaferSlingPostValidatorImpl :- The SaferSlingPostValidator checks POST requests for safety and recommends to REJECT or ACCEPT based on safe/unsafe constructs in the request.

Binary properties with '.' in them can trigger mime type guessing from the 'extension' part when served by the DefaultGetServlet.

STRING

Modifier Whitelist

modifier.whitelist

Adobe CQ Foundation SaferSlingPostValidator com.day.cq.wcm.foundation.security.impl.SaferSlingPostValidatorImpl :- The SaferSlingPostValidator checks POST requests for safety and recommends to REJECT or ACCEPT based on safe/unsafe constructs in the request.

Adobe CQ Foundation SaferSlingPostValidator com.day.cq.wcm.foundation.security.impl.SaferSlingPostValidatorImpl :- The SaferSlingPostValidator checks POST requests for safety and recommends to REJECT or ACCEPT based on safe/unsafe constructs in the request.

The SlingPostServlet supports some powerful :operation values such as import/export. So only the basic safe operations are allowed.

STRING

deletenop

Operation Prefix Whitelist

operation.whitelist.prefixes

Adobe CQ Foundation SaferSlingPostValidator com.day.cq.wcm.foundation.security.impl.SaferSlingPostValidatorImpl :- The SaferSlingPostValidator checks POST requests for safety and recommends to REJECT or ACCEPT based on safe/unsafe constructs in the request.

Only specific operations given a specific name prefix are allowed.

STRING

TypeHint Whitelist

typehint.whitelist

Adobe CQ Foundation SaferSlingPostValidator com.day.cq.wcm.foundation.security.impl.SaferSlingPostValidatorImpl :- The SaferSlingPostValidator checks POST requests for safety and recommends to REJECT or ACCEPT based on safe/unsafe constructs in the request.

Adobe CQ Foundation SaferSlingPostValidator com.day.cq.wcm.foundation.security.impl.SaferSlingPostValidatorImpl :- The SaferSlingPostValidator checks POST requests for safety and recommends to REJECT or ACCEPT based on safe/unsafe constructs in the request.

All resource type settings, except those that hav been whitelisted. Candidates on the whitelist should be strongly vetted for XSS, CSRF and any other security vulnerabilities.